On 2009-04-23 04:30:25 PM, Ricky Zhou wrote: > I'd appreciate if people can test and try to abuse/break this setup :-), > so I have a test repo setup. To test this, you need to be in > sysadmin-test: > > 1. Prepend your ~/.ssh/authorized_keys file on > publictest10.fedoraproject.org with: > > command="/home/fedora/ricky/test.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty > > (make sure not to accidentally lock yourself out with this) > > 2. Checkout the test module with: > cvs -d :ext:[email protected]/home/fedora/ricky/repo co > test > > 3. Try to make a commit without it getting logged in > /home/fedora/ricky/repo/CVSROOT/commitlog > > Feel free to try clever/evil things to test this out. Update: Now it's slightly easier for some people to test this out.
If you are in the packager group and you are not in any of sysadmin-main, sysadmin-test, sysadmin-noc, then you do not need to take any special action, you can just: cvs -d :ext:[email protected]/home/fedora/ricky/repo co test and test ctrl-cing commits. If you are in one of the three groups listed, you'll still have to follow the instructions to restrict your SSH command. Thanks, and please test! Ricky
pgpZKCnP0ETkt.pgp
Description: PGP signature
_______________________________________________ Fedora-infrastructure-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
