[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security options
From: |
Kaz Kylheku |
Subject: |
Re: Security options |
Date: |
Thu, 19 Dec 2002 10:04:01 -0800 (PST) |
On Thu, 19 Dec 2002, Phil R Lawrence wrote:
> My best idea is to leave cvs-phil with a regular shell, but disallow
> su'ing to cvs-phil (via chuser on AIX, but how about linux?). Since our
> server will be physically secured, no one could directly log onto the
> console as cvs-phil. Then SSH will be configured to only allow the cvs
> command.
>
> Any other thoughts?
You can write a shell script which serves as the user's login shell.
That script can do arbitrary filtering to allow or disallow commands.
I had one such a script that would allow CVS access, but only to a
specified repository. It filtered out any -d option, and put in its
own.