On 27-06-2011 10:47, Rodrigo Rosenfeld Rosas wrote:
...
I think it is not currently possible to listen on port 22 with effective uid other than 0 in Unix-like systems, but I may be wrong since I'm not really a security specialist.

If we set it up to run on another port, then instead of 'git@some.server/some/repo' we would have 'git@some.server:2222/some/repo'.

Maybe someone here with better knowledge on security could state otherwise how to listen on port 22 without running the service with an unprivileged account.


Actually, a hack I usually do when hosting some web application on Tomcat is to run it as the tomcat user on port 8080 and add an IPTables rule for directing port 80 to 8080... This could be set up for sshd in a Gitorious server.

According to this article, it is possible to allow an unprivileged user to bind to privileged ports by using authbind:

http://www.debian-administration.org/articles/386

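An added example, not part of the original message: a Linux-only Python check of whether a process may bind a port below 1024, the question raised above. It relies on the effective capability mask in /proc/<pid>/status and the net.ipv4.ip_unprivileged_port_start sysctl; the sample status text and uid 1001 are constructed.

```python
import os

CAP_NET_BIND_SERVICE = 10  # bit index defined in linux/capability.h

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_UNPRIV = "Name:\tsshd\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\n"
SAMPLE_WITH_CAP = "Name:\tsshd\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000400\n"

def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    return 0

def can_bind(port, euid, cap_eff, unpriv_start=1024):
    """Return (allowed, reason) for binding `port` on Linux."""
    if port >= unpriv_start:
        return True, "port %d is not privileged (threshold %d)" % (port, unpriv_start)
    if cap_eff & (1 << CAP_NET_BIND_SERVICE):
        who = "root" if euid == 0 else "non-root uid %d" % euid
        return True, "CAP_NET_BIND_SERVICE is effective for %s" % who
    # The kernel tests the capability, not the uid, so uid 0 with the
    # capability dropped (e.g. in a container) is refused as well.
    return False, "uid %d lacks CAP_NET_BIND_SERVICE for port %d" % (euid, port)

def current_process(port):
    """Evaluate the running process against the live kernel settings."""
    with open("/proc/self/status") as f:
        cap_eff = parse_cap_eff(f.read())
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            start = int(f.read())
    except OSError:
        start = 1024  # sysctl is absent on kernels older than 4.11
    return can_bind(port, os.geteuid(), cap_eff, start)

if __name__ == "__main__":
    for label, text in (("no caps", SAMPLE_UNPRIV), ("with cap", SAMPLE_WITH_CAP)):
        for port in (22, 2222):
            print(label, port, can_bind(port, 1001, parse_cap_eff(text)))
    print("this process, port 22:", current_process(22))
```
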