What is the best way to create a jailed user on a Linux machine to be used solely for a git repository?
git-shell is a restricted shell that you can use for this purpose.
If you set a user's login shell to git-shell, then he can only run a limited set of server-side git helper functions, which enable remote git over ssh usage but don't permit a normal login.
Also look into gitosis. In particular, it sets some parameters in .ssh/authorized_keys which prevent port forwarding, etc.:
command="gitosis-serve user@host",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA....
Even if you do not use gitosis, you may want to include the restrictive options.
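An added example, not part of the original answers or of gitosis: a small Python audit that reads authorized_keys entries and reports which of the restrictive options listed above each key lacks, and whether a forced command is set. The sample entries, the placeholder key material and the handling of OpenSSH's restrict option are assumptions of this example.

```python
import re

# Restrictive options listed in the answer above, compared case-insensitively.
REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty")
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")  # entry starts with a key type: no options

def leading_options(line):
    """Return the comma-separated options that precede the key type."""
    if KEY_TYPE.match(line):
        return []
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted          # commas and spaces inside "..." are literal
        if not quoted and ch in ", \t":
            opts.append(cur)
            cur = ""
            if ch != ",":
                break                    # unquoted whitespace ends the options field
        else:
            cur += ch
        prev = ch
    return opts

def audit(text):
    """Return [(line number, has forced command, missing options)] per key entry."""
    report = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        names = {o.split("=", 1)[0].lower() for o in leading_options(line)}
        # "restrict" (OpenSSH 7.2+) enables every restriction; a bare "pty",
        # "port-forwarding", ... alongside it switches that one back on.
        missing = [r for r in REQUIRED
                   if r not in names and not ("restrict" in names and r[3:] not in names)]
        report.append((n, "command" in names, missing))
    return report

# Constructed sample; key material is placeholder text, not real keys.
SAMPLE = r'''# git-only account
command="gitosis-serve user@host",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAexample1 alice
ssh-ed25519 AAAAexample2 bob
command="git-shell -c \"$SSH_ORIGINAL_COMMAND\"",no-pty,no-port-forwarding ssh-rsa AAAAexample3 carol
restrict,command="gitosis-serve dave@host",pty ssh-ed25519 AAAAexample4 dave
'''

if __name__ == "__main__":
    for lineno, forced, missing in audit(SAMPLE):
        print(f"line {lineno}: forced command={forced}, missing={missing or 'none'}")
```

An entry with an empty "missing" list carries all four restrictions; an entry with no forced command relies entirely on the account's login shell (for example git-shell) to limit what the key can run.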