Safety of forced commands

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Safety of forced commands

Post by Ambush Commander »

If I wanted to grant users an SSH tunnel to a Subversion repository on the server, but not actual shell access, would using a forced command be secure enough? It would look something like:

Code: Select all

command="/home/username/usr/bin/svnserve -t --tunnel-user=Username -r /home/username/svn" ssh-rsa AAA...
As far as I can see, the command would setup the svnserve executable and then disallow further shell action (the user would still be able to, however, use SVN repositories). Looks secure. Am I missing something?
Post Reply