Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <010c01c2fa0a$93215f50$f55f893e@pomello> From: "Max Bowsher" To: "Lapo Luchini" , "Mailing List: CygWin" References: <3E8C5EB4 DOT 3080109 AT lapo DOT it> Subject: Re: Ever needed a CVS-only shell? Date: Thu, 3 Apr 2003 18:58:02 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Lapo Luchini wrote: > Today I finally solved one of the problems that I have since a long > time: how to let people access CVS via SSH but not give them shell access. > > It was *much* easier than expected, but real strange for a person that > uses Windows a lot: it wouldn't certainly permit to have a .BAT as a > shell... > > --[ /usr/local/bin/cvsonly ]--------------------------- > #!/bin/sh > > if [ "$*" != "-c cvs server" ]; then > echo "CVS Only!"; > exit; > fi; > cvs server > --[ /usr/local/bin/cvsonly ]--------------------------- > > Maybe it's not perfect or secure as possible, but it's always better > that using a "normal" shell ^_^ Actually, that's nicer than the way I'd heard of (which is, btw, the one used on sources.redhat.com): Use the command="cvs server" option in authorized_keys. (see man sshd for details). But that won't print a message. Max. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/