gnu-arch-users

Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implement


From: Momchil Velikov
Subject: Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes
Date: 31 Jan 2004 15:25:02 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50

>>>>> "Jan" == Jan Hudec <address@hidden> writes:

Jan> On Sat, Jan 31, 2004 at 14:44:35 +0200, Momchil Velikov wrote:
>> >>>>> "Jan" == Jan Hudec <address@hidden> writes:
>> 
Jan> On Fri, Jan 30, 2004 at 18:09:16 -0500, Colin Walters wrote:
>> >> On Fri, 2004-01-30 at 17:45, Scott Parish wrote:
>> >> If you don't want to give them shell accounts, you could just set their
>> >> shell to a tiny C program which cleans the environment and runs "archd
>> >> --client".
>> 
Jan> It does not even need to do that -- sshd's environment is quite clean
Jan> and there will be no shell to pollute it (the command is execed directly
Jan> by sshd).
>> 
>> Here's what the login shell looks like for my remote cvs+ssh
>> clients.

Jan> Which is not about cleaning an environment, but about doing a chroot...

  Right, I should have posted it as a response to Colin Walters's
message, only that it's probably in my other inbox.  Sorry, if that
was too impolite.

  Anyway, it's an illustration to "If you don't want to give them
shell accounts, you could just set their shell to a tiny C program
..."


Jan> Personally, I would simply set the shell to
Jan> chroot /home/jdev /usr/bin/cvs server

chroot(2) needs EUID 0.

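>> #include <sys/stat.h>
>> #include <sys/types.h>
>> #include <unistd.h>
>> 
>> #define JAIL "/home/jdev"
>> 
>> int
>> main (void)
>> {
>>   umask (002);
>>   /* Enter the jail; chroot(2) needs EUID 0.  */
>>   if (chdir (JAIL) == 0 && chroot (JAIL) == 0 && chdir ("/") == 0)
>>     {
>>       /* Drop root before exec; give up if the drop fails.  */
>>       if (setuid (getuid ()) != 0)
>>         return 1;
>>       execl ("/usr/bin/cvs", "cvs", "server", (char *) NULL);
>>     }
>> 
>>   /* Reached only if the jail setup, the drop or the exec failed.  */
>>   return 1;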
>> }
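
The two ideas in this thread combined (a login shell that cleans the environment, and one that chroots before running the server), as an added example that is not code from the message or from anyone in the thread. It assumes the binary is installed setuid root, since chroot(2) needs EUID 0; `clean_env`, the `USER`/`LOGNAME` allowlist and the fixed `PATH` value are hypothetical choices.

```c
#define _DEFAULT_SOURCE 1            /* expose chroot(2) on glibc */
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define JAIL   "/home/jdev"          /* jail and server path as in the thread */
#define SERVER "/usr/bin/cvs"
#define NKEEP  2

/* Assumed allowlist: the only variables passed through to the server. */
static const char *const keep[NKEEP] = { "USER", "LOGNAME" };
static char safe_path[] = "PATH=/usr/bin:/bin";

/* Fill out[] with a fixed PATH plus the first occurrence of each allowlisted
   variable in in[]; everything else (LD_PRELOAD, IFS, ...) is dropped.
   Returns the entry count, or -1 if out[] is too small. */
int clean_env(char *const in[], char *out[], size_t cap)
{
    int seen[NKEEP] = { 0 };
    size_t n = 0;
    if (cap < 2) return -1;
    out[n++] = safe_path;
    for (size_t i = 0; in && in[i]; i++)
        for (size_t k = 0; k < NKEEP; k++) {
            size_t len = strlen(keep[k]);
            if (seen[k] || strncmp(in[i], keep[k], len) || in[i][len] != '=')
                continue;            /* duplicate, or not exactly NAME=... */
            if (n + 1 >= cap) return -1;
            out[n++] = in[i];
            seen[k] = 1;
        }
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    extern char **environ;
    char *env[NKEEP + 2];
    char *const argv[] = { "cvs", "server", NULL };

    umask(002);
    if (clean_env(environ, env, NKEEP + 2) < 0) return 1;
    if (chdir(JAIL) != 0 || chroot(JAIL) != 0 || chdir("/") != 0) return 1;
    /* Drop gid, then uid, and confirm root cannot be regained. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return 1;
    if (getuid() != 0 && setuid(0) == 0) return 1;
    execve(SERVER, argv, env);
    return 1;                        /* reached only if exec failed */
}
```

Supplementary groups are left as inherited from the login, which matters if the repository relies on group write access under the 002 umask.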



