add class for scp and sftp

2 files changed, 14 insertions, 0 deletions

diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp
index 3ce1e0d0..54452026 100644
--- a/modules/restrictshell/manifests/init.pp
+++ b/modules/restrictshell/manifests/init.pp
@@ -77,4 +77,16 @@ class restrictshell {
     class allow_svn {
         allow{ "svn": }
     }
+
+    class allow_scp {
+        allow{ "scp": }
+    }
+
+    class allow_sftp {
+        allow{ "sftp": }
+    }
+    # technically, we could add cvs too
+    # but I doubt we will use it one day
+
+
 }
diff --git a/modules/restrictshell/templates/membersh-conf.pl b/modules/restrictshell/templates/membersh-conf.pl
index 203a2c94..ea7d2957 100755
--- a/modules/restrictshell/templates/membersh-conf.pl
+++ b/modules/restrictshell/templates/membersh-conf.pl
@@ -11,6 +11,8 @@ $bin_rsync = "/usr/bin/rsync";
 $regexp_rsync = "^rsync --server";
 $regexp_dir_rsync = "^/.*";
 
+$bin_sftp = "<%= lib_dir %>/ssh/sftp-server";
+$regexp_sftp = "^(/usr/lib{64,}/ssh/sftp-server|/usr/lib/sftp-server|/usr/libexec/sftp-server|/usr/lib/openssh/sftp-server)";
 
 foreach my $f (glob("/etc/membersh-conf.d/allow_*pl")) {
     do($f)