I have an issue that I can't seem to find an easy solution to.
I have a RHEL 5 joined to an AD domain and have several users that have scp and ssh access to this server.
Now I have to restrict some users to only scp access and chroot them to their home directory but I can't restrict their access to scp only without doing it for all users.
my smb.conf has the following line:
template shell = /bin/bash
So my dilemma is, if I change the template shell to /usr/bin/rssh, it will change it for every single AD user that connects to this server. But I don't know of any other way to restrict some AD users to scp only. Creating local accounts is really not ideal.
Is there a way to have multiple template shells(based on the user), change the shell in the background when the user logs in, or restrict an AD user to just scp without CLI access?
Thanks in advanced.