Following up on what was discussed in the meeting and the list of requirements from the previous email, here are the scripts I'm currently working on to setup the bzr repository. * scponly-repo.sh: This is the first script to run. It sets up the chroot environment. A portion of this script should be made into a cron job that periodically refreshes the programs and libraries within the chroot (to limit the time that the chroot is vulnerable to exploits.) - A portion of this script needs to be run by root. - This script labels files for SELinux. If SELinux is not enabled on the server this lands on we'll want to comment that out. - A portion of the script sets up a passwd and group file within the chroot. I suspect that this is not necessary. * setup-repo.sh: This script imports one of the cvs-seed tarballs from cvs.fedora.redhat.com into the new repository. It sets up a sample within the embargo directory as well. * repo.conf: Apache configuration file to enable access to the repo over http. Note that this allows bzr to access the repository over ssh. It is not a web-front end. There is a separate cgi script which I haven't yet worked with that can be used for that. * user.sh: Sets up one user with an account on the system; adding them to appropriate groups and etc. This is incomplete until I tie it into the accounts system to retrieve the ssh key. In the future, user information should be created by the accountsdb. * user-setup.sh: This script sets up default groups (vcsuser and security) that are used by the acls. It also creates a vcsguest account that allows anonymous logins. After implementing http retrieval on my test machine, I don't think this is necessary any longer. Anonymous access can use http to retrieve public information. Read-write access and access to private information will go through sftp. * sshd_config: Replacement sshd configuration. Changes: - AuthorizedKeysFile is changed to explicitly reference /home/%u instead of the user's home directory. This is so vcusers have their keys extracted from /home/%u instead of their home directory (which is within the chroot). vcsusers do not have access to change ssh keys on the server, this has to be done through the accounts db. - PermitEmptyPasswords, PasswordAuthentication: This is to enable anonymous ssh login to the chroot. Since anonymous access is going to happen over http, this should no longer be necessary. - Subsystem sftp: enabled sftp for bzr. Everything is a work in progress but my main thrust right now is creating good ACLs and testing what the limitations are. -Toshio
Attachment:
setup-repo.sh
Description: application/shellscript
Attachment:
setup-repo.sh
Description: application/shellscript
AliasMatch ^/repos(/.*)?$ "/pkgs/bzr/chroot/pkgs$1" <Directory "/pkgs/bzr/chroot/repos"> Options Indexes AllowOverride None Order allow,deny Allow from all </Directory>
Attachment:
user.sh
Description: application/shellscript
Attachment:
user-setup.sh
Description: application/shellscript
# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. #Port 22 #Protocol 2,1 Protocol 2 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH SyslogFacility AUTHPRIV #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes AuthorizedKeysFile /home/%u/.ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes PermitEmptyPasswords yes PasswordAuthentication yes # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication mechanism. # Depending on your PAM configuration, this may bypass the setting of # PasswordAuthentication, PermitEmptyPasswords, and # "PermitRootLogin without-password". If you just want the PAM account and # session checks to run without PAM authentication, then enable this but set # ChallengeResponseAuthentication=no #UsePAM no UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #ShowPatchLevel no # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp /usr/libexec/openssh/sftp-server
Attachment:
signature.asc
Description: This is a digitally signed message part
