Updating the $PATH for running a command through SSH with LDAP user account
- by Guillaume Bodi
Hi all,
I am setting up a Mac OSX 1.6 server to host Git repositories.
As such we need to push commits to the server through SSH.
The server has only an admin account and uses a user list from an LDAP server.
Now, since it is accessing the server through a non-interactive shell, git operations are not able to complete since git executables are not in the default path.
As the users are network users, they do not have a local home folder. So I cannot use a ~/.bashrc and the like solution.
I browsed over several articles here and there but could not get it working in a nice and clean setup.
Here is the information on the methods I gathered so far:
I could update the default PATH environment to include the git executables folder. However, I could not manage to do it successfully. Updating /etc/paths didn't change anything and since it's not an interactive shell, /etc/profile and /etc/bashrc are ignored.
From the ssh manpage, I read that a BASH_ENV variable can be set to get an optional script to be executed. However I cannot figure out how to set it system wide on the server. If it needs to be set up on the client machine, this is not an acceptable solution. If someone has some info on how it is supposed to be done, please, by all means!
I can fix this problem by creating a .bashrc with PATH correction in the system root (since all network users would start here as they do not have home). But it just feels wrong. Additionally, if we do create a home folder for a user, then the git command would fail again.
I can install a third party application to set up hooks on the login and then run a script creating a home directory with the necessary path corrections. This smells like a backyard tinkering and duct tape solution.
I can install a small script on the server and ForceCommand the sshd to this script on login. This script will then look for a command to execute ($SSH_ORIGINAL_COMMAND) and trigger a login shell to run this command, or just trigger a regular login shell for an interactive session.
The full details of this method can be found here: http://marc.info/?l=git&m=121378876831164
The last one is the best method I found so far.
Any suggestions on how to deal with this properly?
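
The ForceCommand wrapper described in the last method, as an added example that is not part of the original post or of the linked message. The install path, the `--run` argument and the `GIT_ONLY` switch are assumptions; the git-only restriction goes beyond what the post describes and is off by default.

```shell
#!/bin/sh
# Hypothetical ForceCommand wrapper. Assumed sshd_config line:
#   ForceCommand /usr/local/bin/ssh-login-wrapper --run
LOGIN_SHELL=/bin/bash  # assumption: bash; with -l it reads /etc/profile
GIT_ONLY=0             # added hardening: 1 = allow only git transport commands

# True only for: <git transport verb> '<path>', nothing before or after.
is_git_transport() {
    case "$1" in
        "git-upload-pack '"*"'"|"git-receive-pack '"*"'"|"git-upload-archive '"*"'") ;;
        *) return 1 ;;
    esac
    _p=${1#*\'}    # drop everything through the opening quote
    _p=${_p%\'}    # drop the closing quote
    case "$_p" in
        ""|-*|*\'*) return 1 ;;  # empty, option-like, or breaks out of the quotes
    esac
    return 0
}

# Print the action for this connection: interactive, command or denied.
plan_session() {
    _cmd=${SSH_ORIGINAL_COMMAND:-}
    if [ -z "$_cmd" ]; then
        if [ "$GIT_ONLY" = 1 ]; then echo denied; else echo interactive; fi
    elif [ "$GIT_ONLY" != 1 ] || is_git_transport "$_cmd"; then
        echo command
    else
        echo denied
    fi
}

run_session() {
    case "$(plan_session)" in
        interactive) exec "$LOGIN_SHELL" -l ;;
        # The login shell parses the client's string, as sshd's own "-c" would.
        command)     exec "$LOGIN_SHELL" -l -c "$SSH_ORIGINAL_COMMAND" ;;
        *)           echo "command not permitted" >&2; exit 1 ;;
    esac
}

# Only take over the session when sshd invokes the wrapper with --run.
if [ "${1:-}" = "--run" ]; then
    run_session
fi
```

Because `GIT_ONLY` is a constant in the script rather than an environment variable, a connecting user cannot switch the restriction off from the client side.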