On 2009-04-23 04:30:25 PM, Ricky Zhou wrote: > I'd appreciate if people can test and try to abuse/break this setup :-), > so I have a test repo setup. To test this, you need to be in > sysadmin-test: > > 1. Prepend your ~/.ssh/authorized_keys file on > publictest10.fedoraproject.org with: > > command="/home/fedora/ricky/test.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty > > (make sure not to accidentally lock yourself out with this) > > 2. Checkout the test module with: > cvs -d :ext:username@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/home/fedora/ricky/repo co test > > 3. Try to make a commit without it getting logged in > /home/fedora/ricky/repo/CVSROOT/commitlog > > Feel free to try clever/evil things to test this out. Update: Now it's slightly easier for some people to test this out. If you are in the packager group and you are not in any of sysadmin-main, sysadmin-test, sysadmin-noc, then you do not need to take any special action, you can just: cvs -d :ext:username@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/home/fedora/ricky/repo co test and test ctrl-cing commits. If you are in one of the three groups listed, you'll still have to follow the instructions to restrict your SSH command. Thanks, and please test! Ricky
Attachment:
pgp21gMhjOsr1.pgp
Description: PGP signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
