info-cvs

Re: cvs ext (ssh), but no shell access.. (address@hidden)


From: Mark D. Baushke
Subject: Re: cvs ext (ssh), but no shell access.. (address@hidden)
Date: Thu, 25 Sep 2003 16:16:26 -0700

Wim Bertels <address@hidden> writes:

> for now this is what I did:
> 
> for example:
> 1. SSH
> if you put
> test: ... :/var/lib/cvs:usr/bin/cvs

Assuming you meant to put /usr/bin/cvs in the passwd file, this is not
good as it needs the 'server' command-line argument rather than whatever
arguments the init process might pass to a login shell.

> in the /etc/passwd file
> you can't connect using ssh to the cvs server (the cvs command alone is not
> enough, don't ask me why,
> but I suppose it also needs things like ls, mkdir, scp ..)
> so the only way is to use a restricted shell instead of /usr/bin/cvs
> but then again, the user has shell access (maybe use chroot or something)

Yes, a restricted shell that knows how to execute /usr/bin/cvs is fine.
You will have problems using chroot unless you put your entire repository
into the chroot()ed jail too.

> so I'm not using this, but I'm using the following
> 2. pserver and stunnel
> why? no shell, secure connection..

There are multiple methods of access for multiple kinds of users.

> maybe it would be a good idea to have a config file like you have for
> example for postgresql
> (pg_hba.conf), where you can put who can connect in which way (including
> ident, pam, md5, krb5..) to the server

The development version of cvs (1.12.1.1) in the cvshome.org repository
has at least part of a PAM implementation for :pserver: connections. I
have not used it myself.

        Good luck,
        -- Mark
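
Added example, not part of the original message or of CVS: a minimal login shell of the kind described above, which accepts only the `cvs server` request that an :ext: client sends over ssh. sshd hands the remote command to the login shell as `-c "<command>"`, which is why /usr/bin/cvs alone does not work as the shell. The script name `cvs-only-shell` and its install path are assumptions.

```shell
#!/bin/sh
# Added example: login shell that permits only "cvs server".
# Assumptions: installed as /usr/local/bin/cvs-only-shell (hypothetical
# name), listed in /etc/shells, and set as the shell field in /etc/passwd.
# sshd runs a remote command as: <login shell> -c "<command>"

CVS_BIN=/usr/bin/cvs   # path as given in the message above

# Return 0 only when invoked exactly as: -c "cvs server"
cvs_only_allowed() {
    [ "$#" -eq 2 ] || return 1      # interactive login passes no -c
    [ "$1" = "-c" ] || return 1
    case "$2" in
        # Exact match only: no extra words, no shell metacharacters.
        "cvs server"|"$CVS_BIN server") return 0 ;;
        *) return 1 ;;
    esac
}

cvs_only_main() {
    if cvs_only_allowed "$@"; then
        # Fixed argv; the client-supplied string is never evaluated.
        exec "$CVS_BIN" server
    fi
    echo "This account is restricted to 'cvs server'." >&2
    exit 1
}

# Run only under the installed name so the file can be sourced or tested.
case "${0##*/}" in
    cvs-only-shell) cvs_only_main "$@" ;;
esac
```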
