[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: repository surfing

From: Eric Siegerman
Subject: Re: repository surfing
Date: Thu, 21 Jun 2001 17:41:41 -0400
User-agent: Mutt/1.2.5i

On Thu, Jun 21, 2001 at 01:57:32PM -0400, Matthew Riechers wrote:
> Eric Siegerman wrote:
> >
> > I don't
> > recall how, but you can set SSH up so that the *only* command
> > they're allowed to run on that particular box is "cvs".
> You can set the user's shell to /usr/local/bin/cvs in /etc/passwd to get
> this effect.

Won't work.  It'll do the right restrictions, but it doesn't
invoke cvs with any arguments (specifically "server").

One could also make the user's .profile say
        exec /usr/local/bin/cvs server
but I gather that's less than secure.  Not sure why; maybe a race
condition that lets you CTRL-C your way to an interactive shell?


|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea.
        - RFC 1925 (quoting an unnamed source)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]