On Thu, Jun 21, 2001 at 01:57:32PM -0400, Matthew Riechers wrote:
> Eric Siegerman wrote:
> >
> > I don't
> > recall how, but you can set SSH up so that the *only* command
> > they're allowed to run on that particular box is "cvs".
>
> You can set the user's shell to /usr/local/bin/cvs in /etc/passwd to get
> this effect.
Won't work. It'll do the right restrictions, but it doesn't
invoke cvs with any arguments (specifically "server").
One could also make the user's .profile say
exec /usr/local/bin/cvs server
but I gather that's less than secure. Not sure why; maybe a race
condition that lets you CTRL-C your way to an interactive shell?
--
| | /\
|-_|/ > Eric Siegerman, Toronto, Ont. [EMAIL PROTECTED]
| | /
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea.
- RFC 1925 (quoting an unnamed source)
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs