[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: --allow-root and init via SSH
From: |
Stephan Feder |
Subject: |
Re: --allow-root and init via SSH |
Date: |
Thu, 13 Dec 2001 12:27:43 +0100 |
Hi Greg,
what I meant was specifying --allow-root on the server side. Otherwise
users could easily circumvent the restriction. If you specify :ext: on
the client side the ssh server just calls <login> -c 'cvs server'
(<login> is your shell as in /etc/passwd). What I did is entering my own
little program in /etc/passwd which, if called with the arguments
mentioned above executes 'cvs --allow-root <repository> server' but this
does not have any effect. There is a patch available for that problem
(just search the list archive) but AFAIK it is not incorporated into the
mainstream sources.
Regards
Stephan
--
Gerhard Sittig wrote:
>
> On Tue, Dec 11, 2001 at 13:12 -0500, Larry Jones wrote:
> > Greg A. Woods writes:
> > >
> > > > Is --allow-root evaluated for "cvs server" in the current development
> > > > version, or is it at least on the todo list?
> > >
> > > Now you're really asking for trouble. [ ... slight misreading :) ... ]
> >
> > He was speaking of the CVS --allow-root= option that specifies (for
> > pserver) what the allowable CVSROOT directories are.
>
> So, *is* the --allow-root option evaluated for the "cvs server"
> case? I did a very quick test lately trying to restrict access
> to one of two repos but still was allowed to access both of them.
> Since I'm not absolutely positive that I did everything right,
> could somebody please verify or deny that it's worth to try this
> combo (":ext:" plus "--allow-root")?
>
> BTW: This would be one reason less pushing people towards the
> :pserver: method. And being ortoghonal(sp?) cannot be wrong. :>
>
> virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
> Gerhard Sittig true | mail -s "get gpg key" address@hidden
> --
> If you don't understand or are scared by any of the above
> ask your parents or an adult to help you.
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
- --allow-root and init via SSH, Stephan Feder, 2001/12/11
- Re: --allow-root and init via SSH, Greg A. Woods, 2001/12/11
- Re: --allow-root and init via SSH, Larry Jones, 2001/12/11
- Re: --allow-root and init via SSH, Greg A. Woods, 2001/12/11
- Re: --allow-root and init via SSH, Gerhard Sittig, 2001/12/12
- Re: --allow-root and init via SSH, Larry Jones, 2001/12/12
- Re: --allow-root and init via SSH, Stephan Feder, 2001/12/13
- Re: --allow-root and init via SSH, Larry Jones, 2001/12/13
- Re: --allow-root and init via SSH,
Stephan Feder <=