info-cvs

Re: cvs ext (ssh), but no shell access..


From: Tom Copeland
Subject: Re: cvs ext (ssh), but no shell access..
Date: Wed, 24 Sep 2003 10:48:31 -0400

On Wed, 2003-09-24 at 10:04, Wim Bertels wrote:
> Houdi,
> It's a remote clients/server setup,
> cvs is up and running, but by using the ext method users automatically gain
> shell access to the cvs server, this is NOT intended, how do you solve this?
> (I need to use ssh because I have to use pam_ldap to authenticate the 
> cvs-users)

Use a restricted shell - one that only accepts cvs commands.  I use this
one to accept only cvs and scp:

====================================
#! /usr/bin/perl -w
#
# $Id: cvssh.pl,v 1.3 2002/06/09 13:48:46 ksoonson Exp $
#
# "Shell" for a restricted account, limiting the available commands
# Roland Mas, debian-sf (Sourceforge for Debian)
#
# Inspired from the grap.c file in Sourceforge 2.5

use strict ;
use vars qw/ @allowed_options @allowed_commands $errmsg @cmd / ;
use subs qw/ reject / ;
no locale ;

@allowed_options = ('-c', '-e') ;
@allowed_commands = ('cvs','scp') ;

# Clean up our environment
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};

if ($#ARGV != 1) {
    if ($#ARGV < 1) {
        $errmsg = "Not enough arguments." ;
    } else {
        $errmsg = "Too many arguments." ;
    }
    &reject ;
}

if (scalar (grep { $_ eq $ARGV[0] } @allowed_options) == 0) {
    $errmsg = "Option not allowed." ;
    &reject ;
}

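# Split the requested command on spaces. Only the first word is checked
# against the allow-list; the remaining arguments are passed through as-is.
@cmd = split (/ +/, $ARGV[1]) ;

if (scalar (grep { $_ eq $cmd[0] } @allowed_commands) == 0) {
    $errmsg = "Command not allowed." ;
    &reject ;
}

# exec with a list runs the program directly; no shell interprets the arguments.
exec @cmd ;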

sub reject {
    print "This is a restricted account.\n" .
        "You cannot execute anything here.\n" .
        # $errmsg . "\n" .
        "Goodbye.\n" ;
    exit 1 ;
}
====================================

Yours,

Tom
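
The wrapper above checks only the first word of the command and passes every remaining argument through to cvs or scp. As an added example (not part of the original post or of Roland Mas's script), this variant also pins the arguments: `cvs server` only, and scp only in its remote `-t`/`-f` modes. The paths in `%BIN`, the `vet_command` name, and the use of the legacy scp protocol are assumptions; path confinement is left to file permissions.

```perl
#!/usr/bin/perl
# Added example (not Roland Mas's script): stricter argument check for a
# restricted login shell that sshd invokes as `<shell> -c "<command>"`.
use strict;
use warnings;

# Assumed absolute paths; adjust for the local system.
my %BIN = (cvs => '/usr/bin/cvs', scp => '/usr/bin/scp');

# Return the argv list to exec, or an empty list if the command is refused.
sub vet_command {
    my ($line) = @_;
    return () unless defined $line;
    # Plain words only: no quoting, globbing, redirection or control characters.
    return () unless $line =~ m{\A[A-Za-z0-9_./ -]+\z};
    my ($prog, @args) = split ' ', $line;
    return () unless defined $prog;
    if ($prog eq 'cvs') {
        # The :ext: client runs exactly "cvs server"; nothing else is needed.
        return ($BIN{cvs}, 'server') if @args == 1 && $args[0] eq 'server';
        return ();
    }
    if ($prog eq 'scp') {
        # Remote side of scp: optional -v/-r/-p/-d, then -t (sink) or
        # -f (source), then exactly one path that does not look like an option.
        my $path = pop @args;
        return () unless defined $path && $path !~ /\A-/;
        my $mode = pop @args;
        return () unless defined $mode && $mode =~ /\A-[tf]\z/;
        return () if grep { !/\A-[vrpd]\z/ } @args;
        return ($BIN{scp}, @args, $mode, $path);
    }
    return ();
}

# Act as the login shell only when executed directly.
unless (caller) {
    my @argv = (@ARGV == 2 && $ARGV[0] eq '-c') ? vet_command($ARGV[1]) : ();
    if (!@argv) {
        print STDERR "This is a restricted account.\n";
        exit 1;
    }
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    $ENV{PATH} = '/usr/bin:/bin';
    exec { $argv[0] } @argv or exit 1;
}
```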




