[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security options

From: Kaz Kylheku
Subject: Re: Security options
Date: Thu, 19 Dec 2002 10:04:01 -0800 (PST)

On Thu, 19 Dec 2002, Phil R Lawrence wrote:

> My best idea is to leave cvs-phil with a regular shell, but disallow 
> su'ing to cvs-phil (via chuser on AIX, but how about linux?).  Since our 
> server will be physically secured, no one could directly log onto the 
> console as cvs-phil.  Then SSH will be configured to only allow the cvs 
> command.
> Any other thoughts?

You can write a shell script which serves as the user's login shell.
That script can do arbitrary filtering to allow or disallow commands.
I had one such a script that would allow CVS access, but only to a
specified repository. It filtered out any -d option, and put in its

reply via email to

[Prev in Thread] Current Thread [Next in Thread]