LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-15-2010, 06:36 PM   #1
khaan
LQ Newbie
 
Registered: Feb 2007
Distribution: ubuntu
Posts: 24

Rep: Reputation: 15
svn user with very restricted possibilities?


Hi,

I would like an svn user which is able to check in/out to/from my svn repository by using svn+ssh://svn@blah... but without being able to just log in using ssh or use scp or anything else.

Is that possible?

If I understand, system user accounts have no way to log in (even if we set a home folder, a shell and a password for them ?). But then I did not manage to set things up so that it can use my repositories.

Thanks for any help!
 
Old 03-16-2010, 12:31 PM   #2
dsmyth
LQ Newbie
 
Registered: Mar 2010
Location: Glasgow, Scotland
Distribution: Fedora 12
Posts: 26
Blog Entries: 6

Rep: Reputation: 17
hi, I have no idea if this will help but to control authentication of svn using the svn protocol (svn+ssh is svn protocol over ssh) then you need to add / modify the authz, passwd, and svnserve.conf files of the repository (stored in 'reponame'/conf directory).

This will let you create login credentials for users who are or are not allowed to access the repo. So whoever can connect to your server with ssh might not have the means necessary to check code out of svn.

These are the files I have they set the repo to access only by the authorised users detailed in the passwd file.

svnserv.conf
Code:
[general]
anon-access = none
auth-access = write
password-db = passwd

passwd
Code:
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
sally = sallysPassword
Hope that was what you were looking for.
 
Old 03-16-2010, 02:55 PM   #3
nonamenobody
Member
 
Registered: Oct 2002
Posts: 138

Rep: Reputation: 22
With SSH keys, it is possible to have what is known as a "forced command" i.e. when that SSH key is used a single command is run and no other command can be run. Obviously you will need to disable password logins or not tell the users their password - otherwise they will be able to run any command they like. Some useful guides might be http://blog.bodhizazen.net/linux/svnssh/ and http://www.eng.cam.ac.uk/help/jpmg/s...eys_howto.html

Another option might be to chroot the user(s) (using chrootsh). But you would need to make sure that all the files, svnserve and necessary libraries were available in the chroot jail.

I haven't tried either of these techniques, but if I were faced with your problem, this is where I would start.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Need to create a restricted user(Centos) ankushpandit Linux - Newbie 7 09-10-2009 10:24 AM
openBSD user count + 1 - questions about possibilities of security use rsciw *BSD 10 06-01-2009 02:28 AM
Files restricted to only root user Peter_APIIT Mandriva 18 03-25-2007 04:03 PM
Setting Up a Restricted User Account MClayton Linux - Networking 2 10-19-2004 12:31 PM
SSH user IP restricted access??? ifm Linux - Security 3 07-21-2002 12:01 PM


All times are GMT -5. The time now is 10:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration