
Make a git repository read-only over ssh depending on the key used

Submitted by: @import:stackexchange-codereview

Problem

I want a git repository, accessible over ssh, to be read-only when used with certain keys. With other keys access to the full system is okay.

Here is my solution.

git-readonlyshell:

if echo "$2" | egrep -q ^git-upload-pack; then
  sh -c "$2"
else
  echo Error: read only access 1>&2
fi


.ssh/authorized_keys:

command="./git-readonlyshell -c \"$SSH_ORIGINAL_COMMAND\"" ...


Thoughts?

Any scenario in which this would break?

Solution

Should be

# -q keeps grep from writing the matched command into the git protocol stream
printf "%s\n" "$2" | grep -Eq "^git-upload-pack" && sh -c "$2"


Notes:

  • sh not bash for portability
  • The printf instead of echo is for safety. What happens if someone puts "-n foo" as "$2"?

Context

StackExchange Code Review Q#36034, answer score: 5
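
Both versions above test only that the request starts with git-upload-pack and then pass the whole string to sh -c, so everything after the repository argument is interpreted by the shell as well. The following is an added example (not code from the question or the answer) of a forced command that parses the request and runs git-upload-pack directly; the script path in the comment, the function names and the allowed path characters are assumptions.

```shell
#!/bin/sh
# Added example: read-only forced command that never passes client text to a shell.
# Assumed authorized_keys entry (script path is hypothetical, key elided):
#   restrict,command="/usr/local/bin/git-readonly" <key type> <public key>
LC_ALL=C; export LC_ALL   # make the A-Z/a-z ranges below byte-wise

# Print the repository path when $1 is exactly: git-upload-pack '<path>'
# Return 1 for every other request. $1 is only matched, never evaluated.
repo_from_command() {
    cmd=$1
    case $cmd in
        "git-upload-pack '"*"'") ;;          # one verb, one quoted argument
        *) return 1 ;;
    esac
    repo=${cmd#"git-upload-pack '"}
    repo=${repo%"'"}
    case $repo in
        '') return 1 ;;                      # empty path
        -*) return 1 ;;                      # would be parsed as an option
        *..*) return 1 ;;                    # no parent-directory traversal
        *[!A-Za-z0-9._/-]*) return 1 ;;      # allowlist: quotes, ;, $, spaces fail here
    esac
    printf '%s\n' "$repo"
}

main() {
    if repo=$(repo_from_command "${SSH_ORIGINAL_COMMAND:-}"); then
        # exec with the path as a single argv element; no sh -c involved
        exec git-upload-pack "$repo"
    fi
    echo 'Error: read only access' >&2
    exit 1
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asked for a command;
# sourcing or testing the file without it defines the functions only.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    main
fi
```

Paths containing spaces or a leading ~ are refused by this allowlist; widen it deliberately if your repository names need them.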
