I don't know about the internals of scp, but I assume on a connection attempt the usual user shell is executed before any access to files is granted?
However, you might want to consider using bash's restricted option (rbash), which disallows changing directory at all and additionaly adds some other nice possibilities. Another idea would be shells/ibsh:
Quote:
Iron Bars Shell is a restricted Unix shell. The user can not step out of, nor
access files outside the home directory. It is written in C for Linux. No
libraries used. It is small, fast, secure. Two ascii configuration files for
more control.
|