[Hampshire] Subversion and CVS only via SSH?

Author: Dr Adam J Trickett
Date:  
To: Hants LUG
Subject: [Hampshire] Subversion and CVS only via SSH?

gpg: Signature made Thu May 31 16:50:18 2007 BST
gpg: using DSA key 019AD0D8166C4BF0
gpg: Can't check signature: No public key
Hi,

At work we have some projects on a CVS server and new projects on a
Subversion server on the same box. Historically we used a forced
command 'cvs server' to force all SSH into CVS. Now we have a
slight problem that we want to only allow CVS and Subversion,
with no shell access.

Apparently OpenSSH only supports one command forcing option; it's
cvs or svn but not both.

It looks like I could set the command to be a shell script and
then look in the $SSH2_ORIGINAL_COMMAND variable to see what they
tried to do, and if it's svn or cvs allow it to run. I'd have to
write very clean code to make it secure, but I can't think of
anything else.

I've looked at the restricted shell option for OpenSSH, which looks
good, except it doesn't do svn yet!

I could try setting their login shell to /bin/false, but they could
easily issue a ssh cvsserver bash if they wanted to.

It's not a police state, but we'd like to keep most people out,
even if it's only security theatre (for audit purposes) and yes
I know it's sad and pathetic...

Anyhow, any ideas?

Thanks in advance.

--
Adam Trickett
Overton, HANTS, UK

Capitalism is the extraordinary belief that the nastiest of men, for
the nastiest of reasons, will somehow work for the benefit of us all.
    -- John Maynard Keynes
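
The wrapper-script approach described in the message, as an added example that is not part of the original post. OpenSSH passes the client's requested command in SSH_ORIGINAL_COMMAND; the script path, the `--forced` argument and the cvs/svnserve binary paths below are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper allowing only CVS and Subversion.
# Assumed (hypothetical) install path: /usr/local/bin/vcs-only, referenced
# from ~/.ssh/authorized_keys on one line (the key is a placeholder):
#   command="/usr/local/bin/vcs-only --forced",no-pty,no-port-forwarding,
#   no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...placeholder user@host

# Map the client's requested command to a fixed server-side choice.
# Prints "cvs" or "svn" and returns 0, or returns 1 to refuse.
# The client's string is only compared, never evaluated or passed on,
# so shell metacharacters in it ("cvs server; bash") cannot take effect.
vcs_allowed() {
    case "$1" in
        "cvs server")  echo cvs ;;   # sent by cvs clients using :ext: over ssh
        "svnserve -t") echo svn ;;   # sent by svn clients using svn+ssh://
        *)             return 1 ;;   # anything else, including no command
    esac
}

# Run the chosen server with hard-coded arguments and absolute paths
# (paths are assumptions; adjust to the host).
run_forced() {
    choice=$(vcs_allowed "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "Only CVS and Subversion access is permitted." >&2
        exit 1
    }
    case "$choice" in
        cvs) exec /usr/bin/cvs server ;;
        svn) exec /usr/bin/svnserve -t ;;
    esac
}

# Only act when sshd invokes the script as the forced command.
if [ "${1:-}" = "--forced" ]; then
    run_forced
fi
```

An interactive login arrives with SSH_ORIGINAL_COMMAND unset, so it is refused in the same way as any other unlisted command.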