[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: repository surfing
From: |
Eric Siegerman |
Subject: |
Re: repository surfing |
Date: |
Thu, 21 Jun 2001 17:41:41 -0400 |
User-agent: |
Mutt/1.2.5i |
On Thu, Jun 21, 2001 at 01:57:32PM -0400, Matthew Riechers wrote:
> Eric Siegerman wrote:
> >
> > I don't
> > recall how, but you can set SSH up so that the *only* command
> > they're allowed to run on that particular box is "cvs".
>
> You can set the user's shell to /usr/local/bin/cvs in /etc/passwd to get
> this effect.
Won't work. It'll do the right restrictions, but it doesn't
invoke cvs with any arguments (specifically "server").
One could also make the user's .profile say
exec /usr/local/bin/cvs server
but I gather that's less than secure. Not sure why; maybe a race
condition that lets you CTRL-C your way to an interactive shell?
--
| | /\
|-_|/ > Eric Siegerman, Toronto, Ont. address@hidden
| | /
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea.
- RFC 1925 (quoting an unnamed source)