Re: cvs ext (ssh), but no shell access.. (address@hidden)
From: Mark D. Baushke
Subject: Re: cvs ext (ssh), but no shell access.. (address@hidden)
Date: Thu, 25 Sep 2003 16:16:26 -0700

Wim Bertels <address@hidden> writes:
> for now this is what I did:
>
> for example:
> 1. SSH
> if you put
> test: ... :/var/lib/cvs:usr/bin/cvs

Assuming you meant to put /usr/bin/cvs in the passwd file, this is not
good as it needs the 'server' command-line argument rather than whatever
arguments the init process might pass to a login shell.

> in the /etc/passwd file
> You can't connect using ssh to the cvs server (the cvs command alone is not
> enough, don't ask me why,
> but I suppose it also needs things like ls, mkdir, scp ..)
> so the only way is to use a restricted shell instead of /usr/bin/cvs
> but then again, the user has shell access (maybe use chroot or something)

Yes, a restricted shell that knows how to execute /usr/bin/cvs is fine.
You will have problems using chroot unless you put your entire repository
into the chroot()ed jail too.

> so I'm not using this, but I'm using the following
> 2. pserver and stunnel
> why? no shell, secure connection..

There are multiple methods of access for multiple kinds of users.

> maybe it would be a good idea to have a config file like you have for
> example for postgresql
> (pg_hba.conf), where you can put who can connect in which way (including
> ident, pam, md5, krb5..) to the server

The development version of cvs (1.12.1.1) in the cvshome.org repository
has at least part of a PAM implementation for :pserver: connections. I
have not used it myself.

Good luck,
-- Mark
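
The restricted-shell approach discussed in the reply above, as an added example that is not part of the original message: a wrapper set as the account's shell in /etc/passwd that accepts only the `cvs server` request a CVS :ext: client sends over ssh, and then runs /usr/bin/cvs with the 'server' argument. The script name `cvs-only`, its install path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: a "cvs only" login shell. The script name and install path
# (/usr/local/bin/cvs-only) are hypothetical; /usr/bin/cvs is the server-side
# cvs binary named in the thread.
CVS_BIN=/usr/bin/cvs

# sshd starts the account's shell as "<shell> -c '<command>'" for a remote
# command, and with no arguments for an interactive login. The CVS :ext:
# client asks for the command "cvs server". Print "allow" only for exactly
# that request; the client-supplied string is compared, never evaluated.
cvs_only_decide() {
    if [ "$#" -eq 0 ]; then
        echo "deny: interactive login"
    elif [ "$#" -ne 2 ] || [ "$1" != "-c" ]; then
        echo "deny: unexpected arguments"
    elif [ "$2" != "cvs server" ]; then
        echo "deny: command not permitted"
    else
        echo "allow"
    fi
}

cvs_only_main() {
    PATH=/usr/bin:/bin; export PATH
    verdict=$(cvs_only_decide "$@")
    if [ "$verdict" = "allow" ]; then
        # Give cvs the 'server' argument it needs and replace this shell.
        exec "$CVS_BIN" server
    fi
    echo "cvs-only: $verdict" >&2
    exit 1
}

# Dispatch only when installed under its own name, so the functions can be
# sourced or tested without running anything.
case "${0##*/}" in
    cvs-only) cvs_only_main "$@" ;;
esac
```

With this in place the passwd entry's shell field would name the wrapper instead of /usr/bin/cvs, so the arguments sshd passes are checked before cvs is started.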