[darcs-users] Darcs over SSH
Tomasz Zielonka
tomasz.zielonka at gmail.com
Tue Jan 31 21:03:23 UTC 2006
On Tue, Jan 31, 2006 at 09:16:41AM -0300, Thiago Arrais wrote:
> This solves part of the problem, since your users will still be able
> to use their access to upload and run malicious code. There should be a
> solution for this too, though. How can we limit the users to run only
> the darcs program (and its dependencies, of course)?

man sshd, AUTHORIZED_KEYS FILE FORMAT:

    command="command"
        Specifies that the command is executed whenever this key is used for
        authentication. The command supplied by the user (if any) is
        ignored. [...] A quote may be included in the command by quoting it
        with a backslash. This option might be useful to restrict certain
        public keys to perform just a specific operation. An example might
        be a key that permits remote backups but nothing else. Note that the
        client may specify TCP/IP and/or X11 forwarding unless they are
        explicitly prohibited. Note that this option applies to shell,
        command or subsystem execution.

But I am afraid that command="darcs" won't work now. Maybe some
operations would work, some wouldn't. I am not sure how ssh
connections are used now.

Some time ago we discussed the idea of creating a protocol that
could be used for darcs-to-darcs or UI-to-darcs communication. This
protocol could be designed in such a way that command="darcs" would
work.

Best regards
Tomasz
--
I am searching for programmers who are good at least in
(Haskell || ML) && (Linux || FreeBSD || math)
for work in Warsaw, Poland
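
One way to apply the command="..." option quoted above is a small gate script that inspects the client's request and only ever starts darcs. This is an added example, not part of the original message or of darcs itself. The script path /usr/local/bin/darcs-gate, the repository root /srv/darcs, the function name darcs_gate_repo and the single accepted request shape are assumptions; check what your darcs client actually sends before adopting the pattern.

```shell
#!/bin/sh
# Gate script for an authorized_keys line such as (key is a placeholder):
#   command="/usr/local/bin/darcs-gate",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA...placeholder user@host
# sshd runs this script instead of the client's command and passes the
# client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL
REPO_ROOT=${REPO_ROOT:-/srv/darcs}   # assumed repository root

# Print the validated repository path and return 0 if the request is the one
# allowed darcs invocation; return 1 for everything else.
darcs_gate_repo() {
    req=$1
    # Allow-list of characters: anything else (;, |, $, backticks, newlines,
    # ...) is refused. The request is never passed to eval or sh -c.
    case $req in
        *[!A-Za-z0-9._/\'\ -]*) return 1 ;;
    esac
    # Assumed request shape: darcs apply --all --repodir '<path>'
    case $req in
        "darcs apply --all --repodir '"?*"'") ;;
        *) return 1 ;;
    esac
    path=${req#"darcs apply --all --repodir '"}
    path=${path%"'"}
    # No extra quotes, spaces or ".." and the path must be below REPO_ROOT.
    case $path in
        *\'*|*\ *|*..*) return 1 ;;
        "$REPO_ROOT"/?*) printf '%s\n' "$path" ;;
        *) return 1 ;;
    esac
}

# Entry point when sshd invokes the script; an empty request (interactive
# login attempt) gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if repo=$(darcs_gate_repo "$SSH_ORIGINAL_COMMAND"); then
        exec darcs apply --all --repodir "$repo"
    fi
    echo "darcs-gate: request refused" >&2
    exit 1
fi
```

The no-port-forwarding and no-X11-forwarding options in the sample key line cover the forwarding caveat in the man page excerpt, which command= alone does not.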