Mads B. Tandrup wrote:
> Duncan Booth wrote:
>>
>> The hook would be running as the apache user on the subversion
>> server, so the 'svn up' needs to be kicked off as a different user. I
>> would rather not trust the apache user from the svn server further
>> than necessary, so I would like some solution which allows a specific
>> command to be run but not others: maybe ssh+sudo, or should that be
>> sudo+ssh?
>>
>
> Have a look at the OpenSSH sshd documentation. Under "AUTHORIZED_KEYS
> FILE FORMAT" you'll find the following option:
>
> command="command"
> Specifies that the command is executed whenever this key is used
> for authentication. The command supplied by the user (if any) is
> ignored. The command is run on a pty if the client requests a
> pty; otherwise it is run without a tty. If an 8-bit clean chan-
> nel is required, one must not request a pty or should specify no-
> pty. A quote may be included in the command by quoting it with a
> backslash. This option might be useful to restrict certain pub-
> lic keys to perform just a specific operation. An example might
> be a key that permits remote backups but nothing else. Note that
> the client may specify TCP and/or X11 forwarding unless they are
> explicitly prohibited. Note that this option applies to shell,
> command or subsystem execution.
>
> So you will be able to generate an SSH key for your Apache server
> which only supports doing an "svn up /foo/bar".
>
Ok, I think I now have this working. The post-commit hook script uses the
following ssh command:
/usr/bin/ssh -x -n -o BatchMode=yes -i <path to id file> <user>@<remote host> post-commit $REPOS $REV
(with obvious substitutions for bits in angle brackets). For some reason I
don't quite understand, until I added the BatchMode option the commit kept
hanging even though it shouldn't be prompting for a password.
On the remote system, /home/<user>/.ssh/authorized_keys looks like:
command="/home/<user>/post-commit-hook",no-pty,no-X11-forwarding,no-port-forwarding ssh-dss ...
and the hook script itself can get at the arguments (if it should need
them) in $SSH_ORIGINAL_COMMAND
That seems to meet my wishes quite nicely: the explicit id file means I can
link different repositories to different hook scripts on the remote machine
and tie each one down to a specific command.
Thanks.
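A forced-command wrapper along the lines of the /home/<user>/post-commit-hook described above, as an added example that is not part of the original thread or of Subversion. Because the forced command receives whatever the client sent in $SSH_ORIGINAL_COMMAND, it only acts after checking that the string is exactly "post-commit <repo> <rev>" with a repository path under an allowed root and a numeric revision, and it never hands the original command to a shell. The paths /var/svn and /srv/www/site are assumed placeholders, not values from the post.

```shell
#!/bin/sh
# Forced-command wrapper for an authorized_keys entry of the form
#   command="/home/<user>/post-commit-hook",no-pty,no-X11-forwarding,no-port-forwarding ...
# Assumed (hypothetical) paths, not from the original post:
REPO_ROOT="/var/svn"          # repositories the hook may be invoked for
WORKING_COPY="/srv/www/site"  # the single working copy this key may refresh

# validate_hook_args "<original command string>"
# Accepts only: post-commit <path under REPO_ROOT> <non-negative integer>
# On success prints "<repo> <rev>" and returns 0; otherwise returns 1.
validate_hook_args() {
    cmd=$1
    set -f            # no globbing while word-splitting the client's string
    set -- $cmd
    set +f
    [ "$#" -eq 3 ] || return 1
    [ "$1" = "post-commit" ] || return 1
    repo=$2
    rev=$3
    case "$repo" in
        "$REPO_ROOT"/*) ;;                      # must live under the repository root
        *) return 1 ;;
    esac
    case "$repo" in
        *..*|*[!A-Za-z0-9_./-]*) return 1 ;;    # no traversal, no shell metacharacters
    esac
    case "$rev" in
        ''|*[!0-9]*) return 1 ;;                # revision is digits only
    esac
    printf '%s %s\n' "$repo" "$rev"
    return 0
}

# Entry point used when sshd invokes this script as the forced command.
run_hook() {
    args=$(validate_hook_args "${SSH_ORIGINAL_COMMAND-}") || {
        logger -t post-commit-hook "rejected command: ${SSH_ORIGINAL_COMMAND-}"
        exit 1
    }
    set -- $args
    logger -t post-commit-hook "updating $WORKING_COPY for $1 r$2"
    # The only action this key is allowed to trigger; arguments are never
    # interpolated into a command line.
    exec /usr/bin/svn up "$WORKING_COPY"
}

# Only act when sshd actually supplied an original command.
if [ -n "${SSH_ORIGINAL_COMMAND-}" ]; then
    run_hook
fi
```

Running the script with SSH_ORIGINAL_COMMAND unset does nothing, which makes the validator easy to exercise on its own before wiring the key into authorized_keys.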
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri May 5 11:45:02 2006