authorjim-p <jimp@pfsense.org>2016-12-16 17:46:25 -0500
committerjim-p <jimp@pfsense.org>2016-12-16 17:46:25 -0500
commit07c812a56fa7a4418b94f4b0858a1b9169023f0b (patch)
tree0ca829c042e553a5dfb5cc0780e58eaa3f5a6532
parent2a3d27a6a5e843cccf2599e6c0ea9cfd5d709d9b (diff)
parent647db6bb4fa10cdc90ceed1ec9959d37ffce63ee (diff)
Merge pull request #3283 from doktornotor/patch-1
-rw-r--r--src/etc/inc/auth.inc2
-rw-r--r--src/etc/inc/priv/user.priv.inc11
-rw-r--r--src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot18
3 files changed, 26 insertions, 5 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 70b4fd7..58b2aff 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -472,6 +472,8 @@ function local_user_set(& $user) {
/* Cases here should be ordered by most privileged to least privileged. */
if (userHasPrivilege($user, "user-shell-access") || userHasPrivilege($user, "page-all")) {
$user_shell = "/bin/tcsh";
+ } elseif (userHasPrivilege($user, "user-copy-files-chroot")) {
+ $user_shell = "/usr/local/sbin/scponlyc";
} elseif (userHasPrivilege($user, "user-copy-files")) {
$user_shell = "/usr/local/bin/scponly";
} elseif (userHasPrivilege($user, "user-ssh-tunnel")) {
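Review bot: The new `user-copy-files-chroot` branch sits above `user-copy-files`, which contradicts the comment "Cases here should be ordered by most privileged to least privileged", since the chrooted shell is the more confined of the two. The effect is that a user holding both privileges gets `/usr/local/sbin/scponlyc`, which is the safer outcome and presumably intended, so the comment should say so, e.g. `/* Chrooted scp is tested before plain scp so a user holding both privileges gets the confined shell. */`. Nothing visible here checks that the chroot has been prepared before the shell is assigned; the privilege description added in user.priv.inc says that setup is manual, so it is worth confirming that login fails closed when it is missing. local_user_set() starts and ends outside the hunk.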
diff --git a/src/etc/inc/priv/user.priv.inc b/src/etc/inc/priv/user.priv.inc
index 0fc5ce7..702754a 100644
--- a/src/etc/inc/priv/user.priv.inc
+++ b/src/etc/inc/priv/user.priv.inc
@@ -46,12 +46,19 @@ $priv_list['user-copy-files'] = array();
$priv_list['user-copy-files']['name'] = gettext("User - System: Copy files (scp)");
$priv_list['user-copy-files']['descr'] = gettext("Indicates whether this user is allowed to copy files onto the {$g['product_name']} appliance via SCP/SFTP.");
+$priv_list['user-copy-files-chroot'] = array();
+$priv_list['user-copy-files-chroot']['name'] = gettext("User - System: Copy files to home directory (chrooted scp)");
+$priv_list['user-copy-files-chroot']['descr'] = gettext("Indicates whether this user is allowed to copy files to the home directory via SCP/SFTP.".
+ "Note: User - System - Copy files (scp) conflicts with this privilege.".
+ "Warning: Manual chroot setup required, see /usr/local/etc/rc.d/scponlyc.");
+
$priv_list['user-ssh-tunnel'] = array();
$priv_list['user-ssh-tunnel']['name'] = gettext("User - System: SSH tunneling");
$priv_list['user-ssh-tunnel']['descr'] = gettext("Indicates whether the user is able to login for ".
"tunneling via SSH when they have no shell access. ".
- "Note: User - System - Copy files conflicts with ".
- "this privilege.");
+ "Note: User - System - Copy files (scp) and ".
+ "System: Copy files to home directory (chrooted scp) ".
+ "conflict with this privilege.");
$priv_list['user-ipsec-xauth-dialin'] = array();
$priv_list['user-ipsec-xauth-dialin']['name'] = gettext("User - VPN: IPsec xauth Dialin");
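Review bot: The three string pieces of the new `user-copy-files-chroot` description are concatenated without separating spaces, so the rendered text reads "via SCP/SFTP.Note:" and "privilege.Warning:", and the warning about manual chroot setup runs into the preceding sentence. Each piece except the last should end with a space, as the `user-ssh-tunnel` description below already does: `"... to the home directory via SCP/SFTP. ".` and `"... conflicts with this privilege. ".`. The matching msgid in pfSense.pot has the same missing spaces, and the tunnel msgid there says "Copy files and" while the PHP string says "Copy files (scp) and", so the catalogue entry may not match the source string. The updated tunnel note also names the new privilege as "System: Copy files to home directory (chrooted scp)" without the "User - " prefix used for the other privilege in the same sentence.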
diff --git a/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot b/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot
index 2967462..946cb0a 100644
--- a/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot
+++ b/src/usr/local/share/locale/en/LC_MESSAGES/pfSense.pot
@@ -3520,10 +3520,22 @@ msgid "User - System: Copy files (scp)"
msgstr ""
#: src/etc/inc/priv/user.priv.inc:47
-msgid "Indicates whether this user is allowed to copy files onto the %s appliance "
+msgid ""
+"Indicates whether this user is allowed to copy files onto the %s appliance "
"via SCP/SFTP."
msgstr ""
+#: src/etc/inc/priv/user.priv.inc:50
+msgid "User - System: Copy files to home directory (chrooted scp)"
+msgstr ""
+
+#: src/etc/inc/priv/user.priv.inc:51
+msgid ""
+"Indicates whether this user is allowed to copy files to the home directory via SCP/SFTP."
+"Note: User - System - Copy files (scp) conflicts with this privilege."
+"Warning: Manual chroot setup required, see /usr/local/etc/rc.d/scponlyc."
+msgstr ""
+
#: src/etc/inc/priv/user.priv.inc:53
msgid "User - System: SSH tunneling"
msgstr ""
@@ -3531,8 +3543,8 @@ msgstr ""
#: src/etc/inc/priv/user.priv.inc:54
msgid ""
"Indicates whether the user is able to login for tunneling via SSH when they "
-"have no shell access. Note: User - System - Copy files conflicts with this "
-"privilege."
+"have no shell access. Note: User - System - Copy files and "
+"System: Copy files to home directory (chrooted scp) conflict with this privilege."
msgstr ""
#: src/etc/inc/priv/user.priv.inc:60