On Thu, 19 Dec 2002, Phil R Lawrence wrote: > My best idea is to leave cvs-phil with a regular shell, but disallow > su'ing to cvs-phil (via chuser on AIX, but how about linux?). Since our > server will be physically secured, no one could directly log onto the > console as cvs-phil. Then SSH will be configured to only allow the cvs > command. > > Any other thoughts?
You can write a shell script which serves as the user's login shell. That script can do arbitrary filtering to allow or disallow commands. I had one such a script that would allow CVS access, but only to a specified repository. It filtered out any -d option, and put in its own. _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs