2006/1/30, Daniel Carrera <[EMAIL PROTECTED]>: > Hi all, > > I'm trying to figure out the best way to have a main repository where > several can contribute. SSH seems to be the only alternative for this. > I'm thinking of having a single user (called 'darcs') and asking all > developers to send me their ssh key. But I'm concerned about the > security issues:
Maybe you could setup chrooted access. This is a way to make the SSH access allowed to the repo dir(s) only, which ultimately makes the developers "jailed" to them, the rest of the system won't be accessible. There is a HOWTO here http://www.howtoforge.com/chrooted_ssh_howto_debian This solves part of the problem, since your users will still be able to use they access to upload and run malicious code. There should be a solution for this too, though. How can we limit the users to run only the darcs program (and its dependencies, of course)? Cheers, Thiago Arrais _______________________________________________ darcs-users mailing list [email protected] http://www.abridgegame.org/mailman/listinfo/darcs-users
