Duncan Booth wrote:
>
> The hook would be running as the apache user on the subversion server, so
> the 'svn up' needs to be kicked off as a different user. I would rather not
> trust the apache user from the svn server further than necessary, so I
> would like some solution which allows a specific command to be run but not
> others: maybe ssh+sudo, or should that be sudo+ssh?
>
Have a look at the OpenSSH sshd documentation. Under "AUTHORIZED_KEYS FILE FORMAT" you'll find the following option:
    command="command"
        Specifies that the command is executed whenever this key is used
        for authentication. The command supplied by the user (if any) is
        ignored. The command is run on a pty if the client requests a
        pty; otherwise it is run without a tty. If an 8-bit clean channel
        is required, one must not request a pty or should specify no-pty.
        A quote may be included in the command by quoting it with a
        backslash. This option might be useful to restrict certain public
        keys to perform just a specific operation. An example might be a
        key that permits remote backups but nothing else. Note that the
        client may specify TCP and/or X11 forwarding unless they are
        explicitly prohibited. Note that this option applies to shell,
        command or subsystem execution.
So you will be able to generate an SSH key for your Apache server which only supports doing an "svn up /foo/bar".
Best regards,
Mads
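The forced-command setup described above, as an added example that is not part of the original thread: a wrapper script installed on the working-copy host and named in the key's command= option, so the key the Apache hook uses can trigger "svn up /foo/bar" and nothing else. The script name svn-up-only, the working-copy path /foo/bar and the key-restriction options are illustrative assumptions.

```shell
#!/bin/sh
# Forced-command wrapper for an authorized_keys entry (added example, not the
# original post's code). Assumed authorized_keys line on the working-copy host,
# all on one line:
#   command="/usr/local/bin/svn-up-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA... apache@svn-server
# sshd runs this script instead of whatever the client asked for and puts the
# client's requested command (if any) into SSH_ORIGINAL_COMMAND.

ALLOWED_WC="/foo/bar"   # assumed working copy path

# Returns 0 only when the requested command is empty (plain "ssh host") or is
# exactly the permitted update; chained or different commands are refused.
check_requested_command() {
    case "$1" in
        ""|"svn up $ALLOWED_WC"|"svn update $ALLOWED_WC") return 0 ;;
        *) return 1 ;;
    esac
}

# Run the one permitted operation, ignoring any arguments the client supplied.
run_forced_command() {
    if check_requested_command "${SSH_ORIGINAL_COMMAND-}"; then
        exec svn up "$ALLOWED_WC"
    fi
    echo "svn-up-only: refused command: ${SSH_ORIGINAL_COMMAND-}" >&2
    exit 1
}

# Act only when installed and invoked under the assumed script name, so the
# functions above can also be sourced without triggering an update.
case "$0" in
    */svn-up-only|svn-up-only) run_forced_command ;;
esac
```

The no-port-forwarding, no-X11-forwarding and no-agent-forwarding options close the forwarding channels the man page text warns remain open otherwise; the hook on the Subversion server then only needs the private key and the working-copy user's address to call ssh.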
Received on Wed May 3 18:27:36 2006