Page 1 of 1

Safety of forced commands

Posted: Fri Apr 20, 2007 5:23 pm
by Ambush Commander
If I wanted to grant users an SSH tunnel to a Subversion repository on the server, but not actual shell access, would using a forced command be secure enough? It would look something like:

Code: Select all

command="/home/username/usr/bin/svnserve -t --tunnel-user=Username -r /home/username/svn" ssh-rsa AAA...
As far as I can see, the command would setup the svnserve executable and then disallow further shell action (the user would still be able to, however, use SVN repositories). Looks secure. Am I missing something?