Restricting a user to SFTP

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
rowdyb64
Posts: 3
Joined: Tue Jan 18, 2011 9:28 pm
Location: Melbourne

Restricting a user to SFTP

Post by rowdyb64 »

Hi there,
I have recently installed Ported Tools and Co:Z SFTP, and have it working OK.
I am transferring files in batch successfully under my logonid.
I do, however, have a problem with the "Restricting Users" sample provided.

I am trying to set up restricted accounts for batch userids, but I am setting up the default program as /Coz/bin/cozusers.sh,

being:
#!/bin/sh
# A shell script which can be set as a user's default shell
# to only allow certain commands or ssh subsystems to run,
# disallowing full shell logins.
if [ $# -ge 2 -a "$1" = "-c" ]
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Post by dovetail »

The restricted shell technique that you have set up is designed to keep *remote* ssh users from logging into z/OS with an interactive ssh shell, or running programs via ssh other than cozsftp.

It is not to be used for *local* batch userids.

Please describe what you are trying to accomplish.
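The mechanism both posts above refer to, as an added example that is not the Co:Z sample script nor code from either poster: sshd always starts the account's login shell, either with no arguments for an interactive "ssh user@host", or as "shell -c '<command>'" for a remote command and for subsystem requests such as sftp, where <command> is the Subsystem line from sshd_config. A login shell that honours only "-c" with an allow-listed program therefore makes the account SFTP-only for remote ssh clients. The program paths in ALLOWED_PROGRAMS and the install path /Coz/bin/cozusers.sh are assumptions for this example; the allow-list must match the Subsystem line in sshd_config word for word.

```shell
#!/bin/sh
# Example SFTP-only login shell (added illustration; not the Co:Z sample).
# Assumed install path: /Coz/bin/cozusers.sh, set as the account's shell.
set -f   # no pathname expansion when the command string is word-split below

# Assumed programs sshd may launch for this account (first word of the
# sshd_config Subsystem line, absolute path). Adjust to the real server path.
ALLOWED_PROGRAMS='/Coz/bin/sftp-server.sh /usr/lib/ssh/sftp-server'

# is_allowed_program PATH: 0 if PATH is listed in ALLOWED_PROGRAMS, else 1.
is_allowed_program() {
    for allowed in $ALLOWED_PROGRAMS; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# cozusers_allowed "$@": inspect the arguments sshd passed to the shell.
# Returns 0 only for "-c <cmd>" whose first word is an allowed program and
# whose words contain nothing outside a conservative character set, so that
# "sftp-server; /bin/sh" or "sftp-server $(id)" can never be honoured.
# Never executes anything.
cozusers_allowed() {
    [ $# -ge 2 ] && [ "$1" = "-c" ] || return 1
    set -- $2            # split the command string into words (globbing is off)
    [ $# -ge 1 ] || return 1
    is_allowed_program "$1" || return 1
    for word; do
        case "$word" in
            *[!A-Za-z0-9_./=:,+-]*) return 1 ;;   # any other character: reject
        esac
    done
    return 0
}

# restricted_shell_main "$@": exec the allowed program directly (never via
# "sh -c", which would re-parse the string), otherwise refuse and exit.
restricted_shell_main() {
    if cozusers_allowed "$@"; then
        set -- $2
        exec "$@"
    fi
    echo "This account is restricted to SFTP file transfer." 1>&2
    exit 1
}

# Dispatch only when installed under the assumed name, so the functions can
# also be sourced and tested without exec'ing anything.
case "${0##*/}" in
    cozusers.sh) restricted_shell_main "$@" ;;
esac
```

Note what this does and does not cover: it only controls sessions that sshd spawns with this shell, so, as dovetail says, it has no effect on a local batch job, which never goes through sshd. Interactive logins (no arguments), "ssh host somecommand", and any "-c" string whose first word is not an absolute allow-listed path are all refused.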
rowdyb64
Posts: 3
Joined: Tue Jan 18, 2011 9:28 pm
Location: Melbourne

Post by rowdyb64 »

dovetail wrote: The restricted shell technique that you have set up is designed to keep *remote* ssh users from logging into z/OS with an interactive ssh shell, or running programs via ssh other than cozsftp.

It is not to be used for *local* batch userids.

Please describe what you are trying to accomplish.
Thanks for the prompt response! I see I have misinterpreted the "restricted access" of your sample.

We are setting up SFTP to transfer z/OS files to external sites where SFTP is now a requirement. These transfers are made in batch.

We would like developers to have access to SFTP with their userid for testing new batch streams. In allowing them SSH authority, we want to restrict them to using SFTP.
In production, we have designated batch ids, which would ideally have the same restrictions on access.
Can this be done?
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Post by dovetail »

So, if I understand it, what you want to do is restrict developers to using the cozsftp client, and not the ssh client. I'm not sure how this can be done, since the cozsftp client invokes the ssh client.

What about restricting developers to connecting only to certain networks or ports? This could be done with SAF (RACF) rules.