[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: empty pre-commit hook fails with svn+ssh with some accounts

From: David Chapman <dcchapman_at_acm.org>
Date: Thu, 21 Jul 2011 16:24:53 -0700

On 7/21/2011 4:00 PM, Daniel Neuberger wrote:
> On Thu, Jul 21, 2011 at 2:13 PM, Nico Kadel-Garcia<nkadel_at_gmail.com> wrote:
>> Don't give the shared "svn" user a valid shell!!!! If an administrator
>> needs to run operations as that user, to manipulate config files or
>> create new repositories, they can do "sudo -s -H -u svn" to get a
>> valid shell as the administrative user. Sudo can even be configured to
>> allow designated users such administrative access without requing
>> local root privileges at all.
> Hmm, why didn't I think of that? It doesn't seem to work though.
> Setting the shell to /bin/nologin or even just fakeshell breaks
> everything. Is there another way to give an invalid shell?
>
>

How about /bin/false? This is the "shell" defined for all of the
non-login (e.g. daemon) accounts on my machines.

-- 
     David Chapman         dcchapman_at_acm.org
     Chapman Consulting -- San Jose, CA
Received on 2011-07-22 01:25:49 CEST

This is an archived mail posted to the Subversion Users mailing list.