GNU Rush |
|
Restricted User Shell |
Sergey Poznyakoff |
Remote access to SVN repositories is done via
svnserve
binary. It is executed on server with -t
option. The -r option can be used to restrict access to a
subset of root directories. So, we can use the following rule:
rule svn match $command ~ "^svnserve -t" set command =~ "s|-r *[^ ]*||" set command =~ \ "s|^svnserve |/usr/bin/svnserve -r /svnroot|"
The first set command
action removes any -r options
the user might have specified and enforces a single root directory. A
more restrictive action can be used to improve security:
set command =~ "s|.*|/usr/bin/svnserve -r /svnroot|"
This document was generated on June 29, 2019 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.