How can I allow a linux subversion user to only execute svnserve?

Posted by sbleon on Server Fault See other posts from Server Fault or by sbleon
Published on 2010-03-17T18:04:04Z Indexed on 2010/03/17 18:11 UTC
Read the original article Hit count: 353

Filed under:
|
|

I've got a user that I'd like to only be able to use subversion. We like to use svn+ssh:// URLs sometimes (for public keys and whatnot), so I need them to be able to connect over ssh and run only the svnserve command.

When using a svn+ssh URL, svn ssh'es in and passes the arguments "-c svnserve -t". I wrote a custom shell as follows to filter the commands that can be run. This works, but it's not passing the input to svnserve, so when I try to "svn up" I get "svn: Connection closed unexpectedly".

#!/bin/bash
if [ "$1" == "-c" ] && [ "$2" == "svnserve" ] && [ "$3" == "-t" ] && [ "$4" == ""] ; then
        exec svnserve -t
else
        echo "Access denied. User may only run svnserve."
fi

© Server Fault or respective owner

Related posts about svn

Related posts about ssh