LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-05-2005, 01:33 PM   #1
navvywavvy
LQ Newbie
 
Registered: Dec 2005
Posts: 3

Rep: Reputation: 0
SVN Setup & User Permissions


I develop open source software, and I have recently set up an SVN repository for my project. I want to start to allow users other than myself to commit changes to the repository, but I don't want just anyone getting access to my server. I realize that a basic user account won't be able to edit files, but I don't want them to even be able to browse any files other than their home directory and the repository. My ideal solution would be that when a user ssh's into my server, they are sitting in their home directory and there is a symbolic link to the repository.

What I've already done is:

I've set up svn to work through Apache (no svn+ssh required).
I've created an svn group and granted it rw permissions on my repository.

Then I created a user in the svn group like this:

adduser --ingroup svn somedevelopername

I ssh'd to my server and logged in as somedevelopername. I was sitting in my home directory, and I could still browse all over the machine. How can I stop that?

I'm on Debian Sarge.

Thanks in advance for any help you can provide.
 
Old 12-05-2005, 01:37 PM   #2
navvywavvy
LQ Newbie
 
Registered: Dec 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Now that I think of it, an even better solution would be to just not grant my developers ssh access to my server. Make them apply all changes through svn. How can I create a user and not allow him/her to ssh into my server?
 
Old 12-05-2005, 01:48 PM   #3
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
Quote:
Originally Posted by navvywavvy
Now that I think of it, an even better solution would be to just not grant my developers ssh access to my server. Make them apply all changes through svn. How can I create a user and not allow him/her to ssh into my server?
You have a couple different options here.
1. You can restrict users via /etc/ssh/sshd_config
Code:
# grep /etc/ssh/sshd_config | AllowUser
AllowUsers navvywavvy gnubie
2. Restrict SSH to public key authentication only

3. Firewall SSH
Code:
yourip="10.0.0.2"

iptables -P INPUT DROP
iptables -A INPUT -i eth0 -p tcp -s $yourip --dport 22 -j ACCEPT
 
Old 12-05-2005, 02:34 PM   #4
navvywavvy
LQ Newbie
 
Registered: Dec 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Awesome. I went with option #1 and it worked like a charm.
Thanks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
KDevelop & CVS/SVN Plugins G.Bloke Mandriva 1 07-12-2005 03:35 PM
How-to setup Linux without user & pwd ioan123 Linux - Security 2 03-21-2005 07:48 AM
establishing user accounts & folder permissions mingarz Linux - Software 6 12-07-2004 06:54 AM
how to setup folder permissions for guest user with samba? wza Linux - Networking 0 07-08-2004 09:26 AM
Graphically setup user permissions (frontend to chmod and chown) sfonvill Linux - Security 2 08-27-2003 03:12 PM


All times are GMT -5. The time now is 01:50 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration