|
NetBSD Developer Documentation:
How to use the restricted shell on cvs.NetBSD.org
|
For security reasons, developer access on cvs.NetBSD.org has been
restricted to the following commands:
Restricted Shell Commands
-
This allows you to use CVS as you did before (CVS in client/server mode
invokes cvs server on the remote side to do its processing).
-
This allows you to change your password interactively. Remember that
you really want to use ssh -t so that your password does not
get echoed on the screen.
-
This command allows you to manage your .ssh/authorized_keys file using RCS.
You can feed it a new authorized_keys on stdin, and it will store the old
file using RCS, and then install the new set of keys.
It should be invoked as "ssh cvs.NetBSD.org update_my_keys", with
the new authorized_keys file passed to it on stdin.
It will not accept null input (deletion of all keys) unless it
is invoked as update_my_keys -d.
If you make an error, you can ask the admin
group to restore an older authorized_keys file for you.
-
This command requires rsync 2.5.6 or newer. It allows you to run
rsync in daemon mode over an SSH connection. Your login shell will adjust
any rsync command line to force the use of an rsync daemon configuration
file that will only allow you to read /cvsroot,
using module name cvsroot.
So, you invoke rsync like this (for example):
rsync -avS -e ssh <login>@cvs.NetBSD.org::cvsroot/src .
Please note the presence of both -e ssh and ::,
which are not supported by rsync before 2.5.6. This command will connect
to cvs.NetBSD.org using ssh as user loginname, invoke the rsync
daemon, and fetch the src subdirectory of the cvsroot
module, which of course corresponds to /cvsroot/src.
-
- CVSup
We cannot build a native M3 compiler/runtime and
we refuse to install a pre-built one for security reasons.
- CVSync
This requires POSIX threads, and it works with NetBSD-1.6 and PTH, but we have not installed it yet.
(Contact us)
$NetBSD: restricted.html,v 1.7 2004/03/19 20:35:59 christos Exp $
Copyright © 1994-2003
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home Page