Writing a 'replacement shell' isn't as scary as it sounds.

The basic idea is that you set up ssh so that when darcs connects via a particular public key, it thinks it is running a shell, but it is in fact running a script that only looks for and allows the particular commands that darcs needs.

A while ago, someone had published one such script, 'darcs-wrapper.pl'. I use a modified version of it. If you can't find it, I'll be happy to post my modified version. (Note, this is *not* the same as the darcs wrapper script for cygwin.)

Lastly, note that chroot protection should be in addition to, not an alternative to, the script. The mechanisms protect different things. The script ensures that only the commands you expect get executed. The chroot ensures that those commands cannot be used on files other than those you wish to give access to.

        - Mark

Mark Lentczner
http://www.ozonehouse.com/mark/
[EMAIL PROTECTED]



_______________________________________________
darcs-users mailing list
[email protected]
http://www.abridgegame.org/mailman/listinfo/darcs-users
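
A sketch of the kind of replacement shell the message describes, added here as an example; it is not part of the original message and is not darcs-wrapper.pl. It assumes the script is installed as an OpenSSH forced command for one key, that darcs sends `darcs apply --all --repodir PATH` or `darcs transfer-mode --repodir PATH`, and that repositories live under the hypothetical root `/srv/darcs` with darcs at `/usr/bin/darcs`.

```python
"""Forced-command wrapper: run only allowlisted darcs invocations (added example).

authorized_keys entry (OpenSSH options, key elided):
  command="/usr/local/bin/darcs-only",no-pty,no-port-forwarding,no-agent-forwarding ssh-ed25519 ...
"""
import os
import shlex
import sys

# Assumptions for illustration; adjust to what your darcs version actually sends.
REPO_ROOT = "/srv/darcs"   # hypothetical repository root
DARCS = "/usr/bin/darcs"   # hypothetical install path
ALLOWED = {                # subcommand -> the exact flags that must precede the path
    "apply": ["--all", "--repodir"],
    "transfer-mode": ["--repodir"],
}


def validate(original_command):
    """Return the argv to exec, or raise ValueError if the request is refused."""
    if not original_command:
        raise ValueError("interactive login not permitted")
    try:
        # shlex.split performs no expansion, so ';', '|', '$(' stay literal tokens
        argv = shlex.split(original_command)
    except ValueError as exc:
        raise ValueError("unparseable command") from exc
    if len(argv) < 2 or argv[0] != "darcs" or argv[1] not in ALLOWED:
        raise ValueError("command not allowed")
    flags, rest = ALLOWED[argv[1]], argv[2:]
    if rest[:-1] != flags:  # exact flags, then exactly one path argument
        raise ValueError("unexpected arguments")
    root = os.path.realpath(REPO_ROOT)
    repo = os.path.realpath(os.path.join(root, rest[-1]))
    if repo == root or os.path.commonpath([root, repo]) != root:
        raise ValueError("repository outside allowed root")
    return [DARCS, argv[1], *flags, repo]


def main():
    try:
        argv = validate(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except ValueError as exc:
        sys.stderr.write(f"refused: {exc}\n")
        return 1
    os.execv(argv[0], argv)  # no shell involved; argv is passed through as-is


if __name__ == "__main__":
    sys.exit(main())
```

The path check in the script narrows what a permitted command can name; it does not replace the chroot, which still limits what the darcs process itself can reach.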
