gnu-arch-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implement


From: Momchil Velikov
Subject: Re: [Gnu-arch-users] RFC: arch protocol, smart server, and tla implementation prototypes
Date: 31 Jan 2004 14:44:35 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50

>>>>> "Jan" == Jan Hudec <address@hidden> writes:

Jan> On Fri, Jan 30, 2004 at 18:09:16 -0500, Colin Walters wrote:
>> On Fri, 2004-01-30 at 17:45, Scott Parish wrote:
>> > On Fri, Jan 30, 2004 at 10:33:11PM +0000, Andrew Suffield wrote:
>> > 
>> > > Using ssh for anonymous access is nuts.
>> > 
>> > So is another protocol that end users are going to have to worry about
>> > getting through firewalls (both ways).
>> 
>> I intend to support a Subversion-like arch+ssh:// protocol, which is
>> basically just the arch protocol tunneled over ssh.  The client just
>> execs "archd --client" on the server, which speaks over a unix domain
>> socket to the real server.  You can do authentication by grabbing the
>> credentials from the socket.
>> 
>> If you don't want to give them shell accounts, you could just set their
>> shell to a tiny C program which cleans the environment and runs "archd
>> --client".

Jan> It does not even need to do that -- sshd's environment is quite clean
Jan> and there will be no shell to pollute it (the command it execed directly
Jan> by sshd).

  Here's what the login shell looks like for my remove cvs+ssh
clients.

#include <unistd.h>

#define JAIL "/home/jdev"

int 
main ()
{
  umask (002);
  if (chdir (JAIL) == 0 && chroot (JAIL) == 0 && chdir ("/") == 0)
    { 
      setuid (getuid ());
      execl ("/usr/bin/cvs", "cvs", "server", 0);
    }

  return 0;
}




reply via email to

[Prev in Thread] Current Thread [Next in Thread]