On Fri, May 25, 2012 at 02:14:16PM +0200, Olivier Berger wrote: > > Unless I've done something wrong with configuring my newly installed > FusionForge, users created on the forge will get access va SSH to a full > account. > > Even though their home dirs are inside /var/lib/gforge/chroot/home/users/, > their shell is bash. > > I think it is not desirable in general, to have such a setup, due to > potential security issues this implies. > > IMHO, the shell should be a chrooted one, inside that > /var/lib/gforge/chroot/, or a wrapper like git-shell. >
To set git-shell as a default for all users, one should do the following : - change the default value for the 'shell' column of the 'users' table - add git-shell in /etc/shells (or better, in /var/lib/gforge/chroot/etc/shells, provided that common/include/User.class.php and common/include/account.php are adjusted to that path (will file another report for that one). Hope this helps, Best regards -- Olivier BERGER http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
