current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It's 100% free, no registration required.
up vote 4 down vote favorite

At work we have a server which hosts our CVS repository and in order to restrict shell access to this system, I have deployed rssh which has worked well for a number of years.

We are now converting part of our repository to Git and using this existing server to host a centralized bare Git repository. I would like to extend these restrictions to Git commands as well, but rssh does not support Git. I know that Git has git-shell which does a similar thing for Git (though I haven't used it) but I don't think it understands CVS.

Given that both approaches use the mechanism of setting the user's shell to one of these, I can't use them both at the same time.

We still need to use the CVS repository so is there any mechanism that would work for both CVS and Git?

My options at the moment are:

  • Do nothing (not really an option).
  • Find a way to make them both work (hence this question).
  • Forget security and just give everyone shell access.
  • Abandon the idea and put the central Git repository on another server (probably virtual) and use git-shell.
  • Something else which I haven't thought of.
share|improve this question
    
Just an idea, but what if you used 2 different users? You typically see things like [email protected] as the frontend user when interacting with the repo. The other technology that might be useful is to use command= in your SSH's $HOME/.ssh/authorized_keys file. –  slm Sep 12 '14 at 1:16
    
cvs uses OS user names to identify committers and so I would never have thought of using a single account for git. It's an interesting idea. Is that seen as good practise? The idea of using a single account for multiple people makes me wary. –  Burhan Ali Sep 12 '14 at 9:58
1  
@BurhanAli You wouldn't use the same account for multiple people. slm's first idea is to use one account per person per service, so 2 accounts per person. –  Gilles Sep 12 '14 at 22:06
    
Oh, I guess I misunderstood then. Two accounts for each person would be very annoying for everyone involved. I guess I also don't understand what is meant by "You typically see things like [email protected] as the frontend user when interacting with the repo." I interpreted that line as one account used by all. –  Burhan Ali Sep 13 '14 at 13:18
    
@Gilles Actually, I have been reading "Git on the Server - Setting Up the Server" and it is suggesting using a single user (called git) for all users. So my concerns about using a single account are still there. –  Burhan Ali Sep 16 '14 at 13:48

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.