Gforge's cvssh.pl script and git

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In the company I'm working someone has restricted access to all users
to only use cvs via cvssh.pl script (source at the end of message)
taken from gforge. This script is set as a shell for all users. Now I
would like to change it so I can run git too. I've tried by adding
'git', 'git-upload-pack', 'git-receive-pack' and 'git-shell' in the
array @allowed_commands. After that if I try to clone existing
repository with:

git clone ssh://testuser@server_name/tmp/test.git

I get following error:

fatal: ''/tmp/test.git'': unable to chdir or not a git archive
fatal: The remote end hung up unexpectedly

I first thought that testuser doesn't have permissions to read
directory /tmp/test.git so I changed mode and gave r+w permissions
recursively on that folder, but result was same.

There is no way I can avoid this perl script (company policy) but I
can change it. Problem is that I do not know Perl so much and I do not
know what git is exactly doing behind the scene when it is run via
ssh. Can anyone tell me why this perl script doesn't allow git to run
properly and what has to be changed to enable git?

#! /usr/bin/perl -w
#
# $Id: cvssh.pl 3987 2005-02-26 22:59:11Z tperdue $
#
# "Shell" for a restricted account, limiting the available commands
# Roland Mas, debian-sf (Sourceforge for Debian)
#
# Inspired from the grap.c file in Sourceforge 2.5

use strict ;
use vars qw/ @allowed_options @allowed_commands $errmsg @cmd / ;
use subs qw/ &reject / ;
no locale ;

@allowed_options = ('-c', '-e') ;
@allowed_commands = ('cvs') ;

# Clean up our environment
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};

@cmd = split (/ +/, $ENV{SSH_CLIENT});

if (scalar (grep {/192.168.0/}  @cmd) == 0) {
    $errmsg = "Client address not allowed." ;
    &reject ;
}

if ($#ARGV != 1) {
    if ($#ARGV < 1) {
        $errmsg = "Not enough arguments." ;
    } else {
        $errmsg = "Too many arguments." ;
    }
    &reject ;
}


if (scalar (grep  { $_ eq $ARGV[0] }  @allowed_options) == 0) {
    $errmsg = "Option not allowed." ;
    &reject ;
}

@cmd = split (/ +/, $ARGV[1]) ;


if (scalar (grep { $_ eq $cmd[0] }  @allowed_commands) == 0) {
    $errmsg = "Command not allowed." ;
    &reject ;
}

exec @cmd ;

sub reject {
    print "This is a restricted account.\n" .
        "You cannot execute anything here.\n" .
        # $errmsg . "\n" .
        "Goodbye.\n" ;
    exit 1 ;
}
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux