Did some search but didn't find what I was looking for. We have a fairly complex system in which we have a special shell that is actually a script that runs some checks to make sure the user is coming in via the approved ssh client and if not they are kicked out.
Recently we figured out folks are coming in via winscp and it would appear that winscp does not follow the same rules so the special script not getting invoked and blocking them.
Does users coming in via winscp run the .profile for a given user?
I thought I knew AIX pretty well but this is beyond me at this point.
So users are coming in through winscp and accessing areas that they should not be in. Those areas are more open than they should normally but user when logging in normally don't get shell access they are forced into a program so the areas of concerns were never accessible to them. It's really an application issue that is causing those sensitive areas to be open like they are so they can't be locked down at the file/directory level.
Is anyone aware of a way to lock a user down into their home directory when using tools like winscp? We use chroot type security on our linux "FTP". But not sure how putting chroot type security on this AIX server might affect normal enduser logins to the application that resides on this server as when they come in like they should the application is the one accessing the other sensitive areas and is not allowing the user to access areas that don't belong to them.
Do these users even have permissions to access folders beyond the one they're supposed to chroot into? There are many ways around the application, probably, but no way around the operating system.
Do you want that your users still be able to use scp/sftp or you don't need these tools? If you don't need them, it is easy to switch them off and there is nothing AIX-specific in it.