On 2009-04-23 04:30:25 PM, Ricky Zhou wrote:
I'd appreciate if people can test and try to abuse/break this
setup :-),
so I have a test repo setup. To test this, you need to be in
sysadmin-test:
1. Prepend your ~/.ssh/authorized_keys file on
publictest10.fedoraproject.org with:
command="/home/fedora/ricky/test.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
(make sure not to accidentally lock yourself out with this)
2. Checkout the test module with:
cvs -d :ext:username@publictest10.fedoraproject.org/home/fedora/ricky/repo co test
3. Try to make a commit without it getting logged in
/home/fedora/ricky/repo/CVSROOT/commitlog
Feel free to try clever/evil things to test this out.
Update: Now it's slightly
easier for some people to test this out.
If you are in the packager group and you are not in any of
sysadmin-main, sysadmin-test, sysadmin-noc, then you do not need to take
any special action, you can just:
cvs -d :ext:username@publictest10.fedoraproject.org/home/fedora/ricky/repo co test
and test ctrl-cing commits. If you are in one of the three groups
listed, you'll still have to follow the instructions to restrict your
SSH command.
Thanks, and please test!
Ricky