shell: Rewrite documentation and improve error message
Update the documentation of 'git shell' to mention the interactive mode and COMMAND_DIR. Also provide a hint when interactive mode is not available in the shell. Signed-off-by: Ramkumar Ramachandra <artagnon@gmail.com> Reviewed-by: Greg Brockman <gdb@MIT.EDU> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Ramkumar Ramachandra
committed by
Junio C Hamano
Junio C Hamano
parent
54baefda8c
commit
70256a3a67
@ -3,24 +3,30 @@ git-shell(1)
|
|||||||
|
|
||||||
NAME
|
NAME
|
||||||
----
|
----
|
||||||
git-shell - Restricted login shell for GIT-only SSH access
|
git-shell - Restricted login shell for Git-only SSH access
|
||||||
|
|
||||||
|
|
||||||
SYNOPSIS
|
SYNOPSIS
|
||||||
--------
|
--------
|
||||||
'$(git --exec-path)/git-shell' -c <command> <argument>
|
'git shell' [-c <command> <argument>]
|
||||||
|
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This is meant to be used as a login shell for SSH accounts you want
|
|
||||||
to restrict to GIT pull/push access only. It permits execution only
|
|
||||||
of server-side GIT commands implementing the pull/push functionality.
|
|
||||||
The commands can be executed only by the '-c' option; the shell is not
|
|
||||||
interactive.
|
|
||||||
|
|
||||||
Currently, only four commands are permitted to be called, 'git-receive-pack'
|
A login shell for SSH accounts to provide restricted Git access. When
|
||||||
'git-upload-pack' and 'git-upload-archive' with a single required argument, or
|
'-c' is given, the program executes <command> non-interactively;
|
||||||
'cvs server' (to invoke 'git-cvsserver').
|
<command> can be one of 'git receive-pack', 'git upload-pack', 'git
|
||||||
|
upload-archive', 'cvs server', or a command in COMMAND_DIR. The shell
|
||||||
|
is started in interactive mode when no arguments are given; in this
|
||||||
|
case, COMMAND_DIR must exist, and any of the executables in it can be
|
||||||
|
invoked.
|
||||||
|
|
||||||
|
'cvs server' is a special command which executes git-cvsserver.
|
||||||
|
|
||||||
|
COMMAND_DIR is the path "$HOME/git-shell-commands". The user must have
|
||||||
|
read and execute permissions to the directory in order to execute the
|
||||||
|
programs in it. The programs are executed with a cwd of $HOME, and
|
||||||
|
<argument> is parsed as a command-line string.
|
||||||
|
|
||||||
Author
|
Author
|
||||||
------
|
------
|
||||||
|
|||||||
7
shell.c
7
shell.c
@ -149,8 +149,11 @@ int main(int argc, char **argv)
|
|||||||
} else if (argc == 1) {
|
} else if (argc == 1) {
|
||||||
/* Allow the user to run an interactive shell */
|
/* Allow the user to run an interactive shell */
|
||||||
cd_to_homedir();
|
cd_to_homedir();
|
||||||
if (access(COMMAND_DIR, R_OK | X_OK) == -1)
|
if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
|
||||||
die("Sorry, the interactive git-shell is not enabled");
|
die("Interactive git shell is not enabled.\n"
|
||||||
|
"hint: ~/" COMMAND_DIR " should exist "
|
||||||
|
"and have read and execute access.");
|
||||||
|
}
|
||||||
run_shell();
|
run_shell();
|
||||||
exit(0);
|
exit(0);
|
||||||
} else if (argc != 3 || strcmp(argv[1], "-c")) {
|
} else if (argc != 3 || strcmp(argv[1], "-c")) {
|
||||||
|
|||||||
Reference in New Issue
Block a user