[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: empty pre-commit hook fails with svn+ssh with some accounts

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Thu, 21 Jul 2011 19:54:01 -0400

On Thu, Jul 21, 2011 at 7:24 PM, David Chapman <dcchapman_at_acm.org> wrote:
> On 7/21/2011 4:00 PM, Daniel Neuberger wrote:
>>
>> On Thu, Jul 21, 2011 at 2:13 PM, Nico Kadel-Garcia<nkadel_at_gmail.com>
>>  wrote:
>>>
>>> Don't give the shared "svn" user a valid shell!!!! If an administrator
>>> needs to run operations as that user, to manipulate config files or
>>> create new repositories, they can do "sudo -s -H -u svn" to get a
>>> valid shell as the administrative user. Sudo can even be configured to
>>> allow designated users such administrative access without requing
>>> local root privileges at all.
>>
>> Hmm, why didn't I think of that?  It doesn't seem to work though.
>> Setting the shell to /bin/nologin or even just fakeshell breaks
>> everything.  Is there another way to give an invalid shell?
>>
>>
>
> How about /bin/false?  This is the "shell" defined for all of the non-login
> (e.g. daemon) accounts on my machines.

Depends on local system requirements. "/sbin//nologin" is common for
system accounts, such as "www-data" and "named" on UNIX and Linux
ystems, that don't need root access nor a valid user shell. It can
even be listed in /etc/shells as a valid shell to permit certain
oddball authentication setups to work well.
Received on 2011-07-22 01:54:35 CEST

This is an archived mail posted to the Subversion Users mailing list.