info-cvs

RE: Security options :-(


From: Douglas Finkle
Subject: RE: Security options :-(
Date: Tue, 17 Dec 2002 11:31:29 -0500

> > > That is, cvsphil can't login from the console, from telnet,
> > > rlogin, etc.  I think this is mainly done by setting his login shell to
> > > "/sbin/nologin" or the equivalent.
> >
> > You'll also need to configure cvsphil such that he can only log on with
> > a particular keypair. Otherwise, what stops phil from using the su
> > command to sidestep this elaborate configuration?
> 
> [/home/mzieg] mzieg $ grep cvsmark /etc/passwd
> cvsmark:x:510:510:CVS-only account for Mark Zieg:/home/cvsmark:/sbin/nologin
> 
> [/home/mzieg] mzieg $ su cvsmark
> Password:
> This account is currently not available.
> 
> [/home/mzieg] mzieg $ su cvsmark -c "ls /usr/local/cvsroot"
> Password:
> This account is currently not available.

AFAIK, ssh requires a real shell-- but you can disable passwd
auth at the OS and application layer.  This is my recollection
of how it worked on Solaris. I am presently doing this along w/
restricting the ssh key usage to a single command-- only difference
is I allow *no* logins on the cvs server at all, except at the
admin level.
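
Added example (not part of the original message): a check that every key in a CVS-only account's authorized_keys file is pinned to a single command, the restriction described above. The sample file and key material are constructed, "cvs server" as the forced command is an assumption, and the option names are those of the OpenSSH authorized_keys format.

```python
# Added example: flag authorized_keys entries that are not pinned to one command.
# Handles protocol-2 key lines; "cvs server" as the forced command is an assumption.
import re
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
HARDENING = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

SAMPLE = """\
# constructed sample, key material is placeholder text
ssh-rsa AAAAB3PLACEHOLDER1 mark@laptop
command="cvs server",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER2 phil@desk
command="cvs server",no-pty ssh-rsa AAAAB3PLACEHOLDER3 anne@build
no-pty,no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER4 joe@home
"""

def split_options(line):
    """Split a key line into ({option: value}, remainder); names lower-cased."""
    opts, pos = {}, 0
    if line.startswith(KEY_TYPES):           # no options field present
        return opts, line
    while (m := OPTION.match(line, pos)):
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        pos = m.end()
        if line[pos:pos + 1] != ",":         # unquoted space ends the options
            break
        pos += 1
    return opts, line[pos:].strip()

def audit(text):
    """Return [(line_no, key_comment, [problems])] for weakly restricted keys."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        parts = rest.split(None, 2)          # key type, key blob, comment
        problems = [] if opts.get("command") else ["no forced command"]
        missing = sorted(HARDENING - set(opts))
        if missing and "restrict" not in opts:   # "restrict" implies all of them
            problems.append("missing " + ",".join(missing))
        if problems:
            findings.append((n, parts[2] if len(parts) > 2 else "", problems))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A key with no forced command is the case the quoted question is about: it lets its holder run anything the account's shell allows.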



