From: Jonathan Nieder <jrnieder@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Jeff King <peff@peff.net>, Sitaram Chamarty <sitaramc@gmail.com>,
Ethan Reesor <firelizzard@gmail.com>,
git@vger.kernel.org, Ramkumar Ramachandra <artagnon@gmail.com>,
Greg Brockman <gdb@mit.edu>
Subject: Re: [PATCH 2/2] shell: pay attention to exit status from 'help' command
Date: Sun, 10 Feb 2013 23:52:45 -0800 [thread overview]
Message-ID: <20130211075245.GO15329@elie.Belkin> (raw)
In-Reply-To: <7vd2w7pbh5.fsf@alter.siamese.dyndns.org>
Junio C Hamano wrote:
> Jonathan Nieder <jrnieder@gmail.com> writes:
>> +To disable interactive logins, displaying a greeting instead:
>> ++
>> +----------------
>> +$ chsh -s /usr/bin/git-shell
>> +$ mkdir $HOME/git-shell-commands
>> +$ cat >$HOME/git-shell-commands/help <<\EOF
>> +#!/bin/sh
>> +printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
>
> Where in the sshd to git-shell exec chain is $USER variable set for
> the user? Just being curious if this is the simplest but one of the
> more robust ways to get the user's name.
That's a good question. environment= in an authorized_keys file is
obsolete, so USER generally represents the actual logged in user.
That means the main way to base behavior on private key (letting one
system user represent multiple people) is a gitolite-style command=
wrapper that checks SSH_ORIGINAL_COMMAND. In that setup, there is no
reason to forward simple no-args "are you there?" requests to the
git-shell, so we can forget about it here.
So by the time we get to git-shell, most likely either
A) this is a generic system user, with a username like "git", and the
above example would insult the client with "Hi git!" or "Hi
project-x-git!"
or
B) each person has a separate account on the system, perhaps to help
the admin to set filesystem permissions based on users and groups,
and the above would address the user by her normal name.
Jonathan
next prev parent reply other threads:[~2013-02-11 7:53 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-10 21:05 Git prompt Ethan Reesor
2013-02-10 21:25 ` Jonathan Nieder
2013-02-10 21:54 ` Ethan Reesor
2013-02-10 22:43 ` Jeff King
2013-02-10 22:54 ` Junio C Hamano
2013-02-11 0:43 ` Sitaram Chamarty
2013-02-11 1:20 ` [RFC/PATCH] shell: allow 'help' command to disable interactive shell Jonathan Nieder
2013-02-11 3:44 ` Junio C Hamano
2013-02-11 4:17 ` Jonathan Nieder
2013-02-11 4:30 ` Junio C Hamano
2013-02-11 4:32 ` Jonathan Nieder
2013-02-11 4:36 ` Jeff King
2013-02-11 5:22 ` Junio C Hamano
2013-02-11 5:57 ` Ethan Reesor
2013-02-11 6:07 ` Ethan Reesor
2013-02-11 6:09 ` Jonathan Nieder
2013-02-11 6:11 ` Ethan Reesor
2013-02-11 6:15 ` Jonathan Nieder
2013-02-11 6:22 ` Ethan Reesor
2013-02-11 6:14 ` Jonathan Nieder
2013-02-11 7:01 ` Junio C Hamano
2013-02-11 7:12 ` Jonathan Nieder
2013-02-11 7:17 ` Junio C Hamano
2013-02-11 7:21 ` Jonathan Nieder
2013-02-11 7:44 ` Junio C Hamano
2013-02-11 8:13 ` Jonathan Nieder
2013-02-11 16:17 ` Junio C Hamano
2013-02-11 16:00 ` Jeff King
2013-02-11 17:18 ` Junio C Hamano
2013-02-11 17:27 ` Jeff King
2013-02-11 7:18 ` Ethan Reesor
2013-02-11 7:15 ` Ethan Reesor
2013-02-11 7:22 ` Junio C Hamano
2013-02-11 7:26 ` Ethan Reesor
2013-02-11 7:28 ` Junio C Hamano
2013-02-11 3:59 ` Jeff King
2013-02-11 4:14 ` Jonathan Nieder
2013-02-11 4:17 ` Jeff King
2013-02-11 4:26 ` Jonathan Nieder
2013-02-11 4:33 ` Jeff King
2013-02-11 5:56 ` [PATCH 0/2 v2] " Jonathan Nieder
2013-02-11 5:57 ` [PATCH 1/2] shell doc: emphasize purpose and security model Jonathan Nieder
2013-02-11 7:10 ` Junio C Hamano
2013-02-11 7:13 ` Jonathan Nieder
2013-02-11 18:32 ` Junio C Hamano
2013-02-11 5:58 ` [PATCH 2/2] shell: pay attention to exit status from 'help' command Jonathan Nieder
2013-02-11 6:06 ` Ethan Reesor
2013-02-11 7:15 ` Junio C Hamano
2013-02-11 7:52 ` Jonathan Nieder [this message]
2013-02-11 16:28 ` Junio C Hamano
2013-02-11 4:45 ` [RFC/PATCH] shell: allow 'help' command to disable interactive shell Jeff King
2013-03-09 21:52 ` [PATCH v3 0/2] shell: allow 'no-interactive-login' " Jonathan Nieder
2013-03-09 21:55 ` [PATCH 1/2] shell doc: emphasize purpose and security model Jonathan Nieder
2013-03-09 22:00 ` [PATCH 2/2] shell: new no-interactive-login command to print a custom message Jonathan Nieder
2013-03-10 5:04 ` Junio C Hamano
2013-03-10 5:21 ` Jonathan Nieder
2013-03-10 10:49 ` Ramkumar Ramachandra
2013-03-11 22:48 ` Jonathan Nieder
2013-03-12 10:47 ` [PATCH v3 0/2] shell: allow 'no-interactive-login' command to disable interactive shell Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130211075245.GO15329@elie.Belkin \
--to=jrnieder@gmail.com \
--cc=artagnon@gmail.com \
--cc=firelizzard@gmail.com \
--cc=gdb@mit.edu \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=sitaramc@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).