Safety of forced commands
Posted: Fri Apr 20, 2007 5:23 pm
If I wanted to grant users an SSH tunnel to a Subversion repository on the server, but not actual shell access, would using a forced command be secure enough? It would look something like:
As far as I can see, the command would setup the svnserve executable and then disallow further shell action (the user would still be able to, however, use SVN repositories). Looks secure. Am I missing something?
Code: Select all
command="/home/username/usr/bin/svnserve -t --tunnel-user=Username -r /home/username/svn" ssh-rsa AAA...