Re: [Gnu-arch-users] wiki update: conditionalized startup scripts over s
From: John Kinson
Subject: Re: [Gnu-arch-users] wiki update: conditionalized startup scripts over ssh
Date: Mon, 20 Sep 2004 13:17:11 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040616

Apologies for dragging this up again, but I've been unable to get the
multiple ssh keys in conjunction with the ssh environment/rc approach to
set a group-write umask as described in
http://wiki.gnuarch.org/moin.cgi/Centralized_20Development?action=show

I can successfully set a unique environment variable and test for this
in the .ssh/rc file, but any changes to the umask don't persist beyond
the .ssh/rc file invocation, for both sftp and ssh access.

Has anyone actually succeeded with this technique for real, or are
Andrew's suggestions hypothetical?

Here's how I've configured my client and server:

Local .ssh/config file contains:

    Host arch-shared
        Hostname RealServerHostname
        IdentityFile ~/.ssh/id_rsa-shared

Server .ssh/authorized_keys file contains:

    environment="VC=arch-shared" ssh-rsa ... address@hidden

Server .ssh/rc file contains the following (I've included my debug code
here too):

    echo Umask at start of .ssh/rc
    umask
    echo Exporting SSHRC env var
    SSHRC=true
    export SSHRC
    if [[ ${VC:-} = *-shared ]]
    then
        echo Setting umask for shared VC environment
        umask 0007
        umask
    else
        echo Not setting umask - not a shared VC environment
    fi

When I ssh to arch-shared, the .ssh/rc file correctly sets the umask,
but when I display the umask at the start of my .bash_profile (and
/etc/bashrc), the umask has been reset to 0022. I've checked that no
other initialization scripts such as /etc/profile have intervened. The
test environment variable I export from .ssh/rc is unavailable too.

To me it would look like .ssh/rc is invoked as a separate subshell, in
which case any umask (or environment variable) changes will not
propagate to the invoking ssh/sftp session. Am I right?

Can anyone point out where I've gone wrong, or suggest an alternative?
Patching sshd, or using a single account with multiple keys is not
acceptable. I tried using the 'command="umask 0007"' prefix in
authorized_keys instead of the 'environment' prefix, but that just runs
the single command then closes the connection, which is of no use...

Cheers

JK

Robert Anderson wrote:

> http://wiki.gnuarch.org/moin.cgi/Centralized_20Development?action=show
>
> I dug up asuffield's instructions for how to conditionalize
> startup scripts when invoked through tla sftp sessions.
>
> It appears to be a very nice solution to the problem I complained
> about yesterday, if one is only concerned about usage through sftp.
>
> This solution should be documented more formally, IMO. To assume
> that any arch user should be able to figure this out on his own
> without a significant time investment is totally absurd.
>
> Bob
>
> _______________________________________________
> Gnu-arch-users mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/gnu-arch-users
>
> GNU arch home page:
> http://savannah.gnu.org/projects/gnu-arch/

--
http://www.yellowradio.com/
If technology doesn't seem like magic,
it's probably obsolete.
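
The process behaviour asked about in the message above, as an added example that is not part of the original post: sshd runs ~/.ssh/rc through sh(1) as its own process before it starts the user's shell or command, so a umask or exported variable set there ends with that process. The script models this without touching sshd, using a constructed rc file, and contrasts it with a wrapper that sets the umask and then execs the session in the same process; the function names and the 0022 starting umask are assumptions.

```shell
#!/bin/sh
# Added illustration with constructed inputs; it only models the process layout.

# Constructed stand-in for ~/.ssh/rc: sets a group-write umask, exports a variable.
make_rc() {
    rc_file=$(mktemp) || return 1
    cat >"$rc_file" <<'EOF'
umask 0007
SSHRC=true
export SSHRC
EOF
    printf '%s\n' "$rc_file"
}

# rc model: the rc script runs in its own sh process and exits; the session is
# then started as a separate child of the same parent and sees none of it.
session_after_rc() {
    rc_file=$(make_rc) || return 1
    (
        umask 0022          # assumed umask of the parent (the sshd side)
        unset SSHRC
        sh "$rc_file"       # child 1: rc script, its changes end with it
        sh -c 'printf "%s %s\n" "$(umask)" "${SSHRC:-unset}"'   # child 2: session
    )
    rm -f "$rc_file"
}

# Wrapper model: the umask is set and the session is exec'd from the same
# process, so the session inherits it. $1 is the VC value from authorized_keys.
session_via_wrapper() {
    (
        umask 0022
        VC="$1" sh -c '
            case "${VC:-}" in           # POSIX form of the [[ ... = *-shared ]] test
                *-shared) umask 0007 ;;
            esac
            exec sh -c "umask"          # stands in for the real shell or command
        '
    )
}

echo "session after rc script:   $(session_after_rc)"
echo "wrapper, VC=arch-shared:   $(session_via_wrapper arch-shared)"
echo "wrapper, VC=arch-private:  $(session_via_wrapper arch-private)"
```
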