patternshellgitMinor
Make a git repository read-only over ssh depending on the key used
Viewed 0 times
thereadusedmakeovergitrepositorydependingsshonly
Problem
I want a git repository, accessible over ssh, to be read-only when used with certain keys. With other keys access to the full system is okay.
Here is my solution.
git-readonlyshell:
.ssh/authorized_keys:
Thoughts?
Any scenario in which this would break?
Here is my solution.
git-readonlyshell:
if echo "$2" | egrep -q ^git-upload-pack; then
sh -c "$2"
else
echo Error: read only access 1>&2
fi.ssh/authorized_keys:
command="./git-readonlyshell -c \"$SSH_ORIGINAL_COMMAND\"" ...Thoughts?
Any scenario in which this would break?
Solution
Should be
Notes:
printf "%s\n" "$2" | grep -E "^git-upload-pack" && sh -c "$2"Notes:
shnotbashfor portability
- The
printfinstead ofechois for safety. What happens if someone puts"-n foo"as"$2"?
Code Snippets
printf "%s\n" "$2" | grep -E "^git-upload-pack" && sh -c "$2"Context
StackExchange Code Review Q#36034, answer score: 5
Revisions (0)
No revisions yet.