Junio C Hamano wrote:
> Jonathan Nieder <jrnie...@gmail.com> writes:
>> +To disable interactive logins, displaying a greeting instead:
>> ++
>> +----------------
>> +$ chsh -s /usr/bin/git-shell
>> +$ mkdir $HOME/git-shell-commands
>> +$ cat >$HOME/git-shell-commands/help <<\EOF
>> +#!/bin/sh
>> +printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
>
> Where in the sshd to git-shell exec chain is $USER variable set for
> the user? Just being curious if this is the simplest but one of the
> more robust ways to get the user's name.
That's a good question. environment= in an authorized_keys file is
obsolete, so USER generally represents the actual logged in user.
That means the main way to base behavior on private key (letting one
system user represent multiple people) is a gitolite-style command=
wrapper that checks SSH_ORIGINAL_COMMAND. In that setup, there is no
reason to forward simple no-args "are you there?" requests to the
git-shell, so we can forget about it here.
So by the time we get to git-shell, most likely either
A) this is a generic system user, with a username like "git", and the
above example would insult the client with "Hi git!" or "Hi
project-x-git!"
or
B) each person has a separate account on the system, perhaps to help
the admin to set filesystem permissions based on users and groups,
and the above would address the user by her normal name.
Jonathan
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
