On 8/4/06, Toshio Kuratomi <toshio@xxxxxxxxxxxxxxx> wrote:
Following up on what was discussed in the meeting and the list of
requirements from the previous email, here are the scripts I'm currently
working on to setup the bzr repository.
* scponly-repo.sh: This is the first script to run. It sets up the
chroot environment. A portion of this script should be made into a cron
job that periodically refreshes the programs and libraries within the
chroot (to limit the time that the chroot is vulnerable to exploits.)
- A portion of this script needs to be run by root.
- This script labels files for SELinux. If SELinux is not enabled on
the server this lands on we'll want to comment that out.
- A portion of the script sets up a passwd and group file within the
chroot. I suspect that this is not necessary.
* setup-repo.sh: This script imports one of the cvs-seed tarballs from
cvs.fedora.redhat.com into the new repository. It sets up a sample
within the embargo directory as well.
* repo.conf: Apache configuration file to enable access to the repo over
http. Note that this allows bzr to access the repository over ssh. It
is not a web-front end. There is a separate cgi script which I haven't
yet worked with that can be used for that.
* user.sh: Sets up one user with an account on the system; adding them
to appropriate groups and etc. This is incomplete until I tie it into
the accounts system to retrieve the ssh key. In the future, user
information should be created by the accountsdb.
* user-setup.sh: This script sets up default groups (vcsuser and
security) that are used by the acls. It also creates a vcsguest account
that allows anonymous logins. After implementing http retrieval on my
test machine, I don't think this is necessary any longer. Anonymous
access can use http to retrieve public information. Read-write access
and access to private information will go through sftp.
* sshd_config: Replacement sshd configuration. Changes:
- AuthorizedKeysFile is changed to explicitly reference /home/%u
instead of the user's home directory. This is so vcusers have their
keys extracted from /home/%u instead of their home directory (which is
within the chroot). vcsusers do not have access to change ssh keys on
the server, this has to be done through the accounts db.
- PermitEmptyPasswords, PasswordAuthentication: This is to enable
anonymous ssh login to the chroot. Since anonymous access is going to
happen over http, this should no longer be necessary.
- Subsystem sftp: enabled sftp for bzr.
Everything is a work in progress but my main thrust right now is
creating good ACLs and testing what the limitations are.
-Toshio
Hey Toshio, I'm going to have some free time to set this up soon, I
seem to remember you mentioning you had updated scripts. If they
happen to be ready now send them to the list and I'll get them
started.
-Mike
