On Mårdi 12 Måss 2002 02:42, Joey Hess wrote: > Sven Gaerner wrote: > > I've got a (hopefully) little proble.m. I want to grant some people > > CVS access to my machine. They should connect by using SSH but I don't > > want to give them a shell. They should be able to use CVS with SSH but > > without logging in to my machine. > > > > Does anyone have an idea how to get this working? > > > > Please CC any answers to me because I'm not subscribed. > > Are these people going to be able to commit to the repository or not? > > If not, it's easy: http://kitenet.net/programs/sshcvs > > If they need to be able to commit too, it becomes much harder, since cvs > is not designed to prevent committers from getting shell access, in > general. You need to make sure they cannot commit to certian files in > CVSROOT which shell code can be put into (I've seen this used to get > shell access to sourceforge, though they may have closed that hole now).
Couldn't you just replace the command launching the shell (e.g. /bin/bash in /etc/passwd) by some simple script telling that connection is refused ? In such a way, connection is allowed but offers no shell. -- Grégory Soyez Université de Liège Institut de Physique Allée du VI Août, Bât B5 B-4000 Sart-Tilman LIEGE 1 Tel : +32 (0)4 366 36 04 Fax: +32 (0)4 366 36 72 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
