From: Junio C Hamano <gitster@pobox.com>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: Jeff King <peff@peff.net>, Sitaram Chamarty <sitaramc@gmail.com>,
Ethan Reesor <firelizzard@gmail.com>,
git@vger.kernel.org, Ramkumar Ramachandra <artagnon@gmail.com>,
Greg Brockman <gdb@mit.edu>
Subject: Re: [PATCH 1/2] shell doc: emphasize purpose and security model
Date: Sun, 10 Feb 2013 23:10:44 -0800 [thread overview]
Message-ID: <7vhaljpbpn.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <20130211055752.GF15329@elie.Belkin> (Jonathan Nieder's message of "Sun, 10 Feb 2013 21:57:52 -0800")
Jonathan Nieder <jrnieder@gmail.com> writes:
> diff --git a/Documentation/git-shell.txt b/Documentation/git-shell.txt
> index 9b925060..4fe93203 100644
> --- a/Documentation/git-shell.txt
> +++ b/Documentation/git-shell.txt
> @@ -9,25 +9,61 @@ git-shell - Restricted login shell for Git-only SSH access
> SYNOPSIS
> --------
> [verse]
> -'git shell' [-c <command> <argument>]
> +'chsh' -s $(which git-shell) git
<review type="nitpick" mode="posix-police">
Please don't use "which" in scripts. Perhaps "command -v" is more
suitable here.
</review>
Otherwise looks good to me. Thanks.
> +'git clone' `git@localhost:/path/to/repo.git`
> +'ssh' `git@localhost`
>
> DESCRIPTION
> -----------
>
> +This is a login shell for SSH accounts to provide restricted Git access.
> +It permits execution only of server-side Git commands implementing the
> +pull/push functionality, plus custom commands present in a subdirectory
> +named `git-shell-commands` in the user's home directory.
> +
> +COMMANDS
> +--------
> +
> +'git shell' accepts the following commands after the '-c' option:
> +
> +'git receive-pack <argument>'::
> +'git upload-pack <argument>'::
> +'git upload-archive <argument>'::
> + Call the corresponding server-side command to support
> + the client's 'git push', 'git fetch', or 'git archive --remote'
> + request.
> +'cvs server'::
> + Imitate a CVS server. See linkgit:git-cvsserver[1].
> +
> +If a `~/git-shell-commands` directory is present, 'git shell' will
> +also handle other, custom commands by running
> +"`git-shell-commands/<command> <arguments>`" from the user's home
> +directory.
> +
> +INTERACTIVE USE
> +---------------
> +
> +By default, the commands above can be executed only with the '-c'
> +option; the shell is not interactive.
> +
> +If a `~/git-shell-commands` directory is present, 'git shell'
> +can also be run interactively (with no arguments). If a `help`
> +command is present in the `git-shell-commands` directory, it is
> +run to provide the user with an overview of allowed actions. Then a
> +"`git> `" prompt is presented at which one can enter any of the
> +commands from the `git-shell-commands` directory, or `exit` to close
> +the connection.
> +
> +Generally this mode is used as an administrative interface to allow
> +users to list repositories they have access to, create, delete, or
> +rename repositories, or change repository descriptions and
> +permissions.
> +
> +SEE ALSO
> +--------
> +ssh(1),
> +linkgit:git-daemon[1],
> +contrib/git-shell-commands/README
>
> GIT
> ---
next prev parent reply other threads:[~2013-02-11 7:11 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-10 21:05 Git prompt Ethan Reesor
2013-02-10 21:25 ` Jonathan Nieder
2013-02-10 21:54 ` Ethan Reesor
2013-02-10 22:43 ` Jeff King
2013-02-10 22:54 ` Junio C Hamano
2013-02-11 0:43 ` Sitaram Chamarty
2013-02-11 1:20 ` [RFC/PATCH] shell: allow 'help' command to disable interactive shell Jonathan Nieder
2013-02-11 3:44 ` Junio C Hamano
2013-02-11 4:17 ` Jonathan Nieder
2013-02-11 4:30 ` Junio C Hamano
2013-02-11 4:32 ` Jonathan Nieder
2013-02-11 4:36 ` Jeff King
2013-02-11 5:22 ` Junio C Hamano
2013-02-11 5:57 ` Ethan Reesor
2013-02-11 6:07 ` Ethan Reesor
2013-02-11 6:09 ` Jonathan Nieder
2013-02-11 6:11 ` Ethan Reesor
2013-02-11 6:15 ` Jonathan Nieder
2013-02-11 6:22 ` Ethan Reesor
2013-02-11 6:14 ` Jonathan Nieder
2013-02-11 7:01 ` Junio C Hamano
2013-02-11 7:12 ` Jonathan Nieder
2013-02-11 7:17 ` Junio C Hamano
2013-02-11 7:21 ` Jonathan Nieder
2013-02-11 7:44 ` Junio C Hamano
2013-02-11 8:13 ` Jonathan Nieder
2013-02-11 16:17 ` Junio C Hamano
2013-02-11 16:00 ` Jeff King
2013-02-11 17:18 ` Junio C Hamano
2013-02-11 17:27 ` Jeff King
2013-02-11 7:18 ` Ethan Reesor
2013-02-11 7:15 ` Ethan Reesor
2013-02-11 7:22 ` Junio C Hamano
2013-02-11 7:26 ` Ethan Reesor
2013-02-11 7:28 ` Junio C Hamano
2013-02-11 3:59 ` Jeff King
2013-02-11 4:14 ` Jonathan Nieder
2013-02-11 4:17 ` Jeff King
2013-02-11 4:26 ` Jonathan Nieder
2013-02-11 4:33 ` Jeff King
2013-02-11 5:56 ` [PATCH 0/2 v2] " Jonathan Nieder
2013-02-11 5:57 ` [PATCH 1/2] shell doc: emphasize purpose and security model Jonathan Nieder
2013-02-11 7:10 ` Junio C Hamano [this message]
2013-02-11 7:13 ` Jonathan Nieder
2013-02-11 18:32 ` Junio C Hamano
2013-02-11 5:58 ` [PATCH 2/2] shell: pay attention to exit status from 'help' command Jonathan Nieder
2013-02-11 6:06 ` Ethan Reesor
2013-02-11 7:15 ` Junio C Hamano
2013-02-11 7:52 ` Jonathan Nieder
2013-02-11 16:28 ` Junio C Hamano
2013-02-11 4:45 ` [RFC/PATCH] shell: allow 'help' command to disable interactive shell Jeff King
2013-03-09 21:52 ` [PATCH v3 0/2] shell: allow 'no-interactive-login' " Jonathan Nieder
2013-03-09 21:55 ` [PATCH 1/2] shell doc: emphasize purpose and security model Jonathan Nieder
2013-03-09 22:00 ` [PATCH 2/2] shell: new no-interactive-login command to print a custom message Jonathan Nieder
2013-03-10 5:04 ` Junio C Hamano
2013-03-10 5:21 ` Jonathan Nieder
2013-03-10 10:49 ` Ramkumar Ramachandra
2013-03-11 22:48 ` Jonathan Nieder
2013-03-12 10:47 ` [PATCH v3 0/2] shell: allow 'no-interactive-login' command to disable interactive shell Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vhaljpbpn.fsf@alter.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=artagnon@gmail.com \
--cc=firelizzard@gmail.com \
--cc=gdb@mit.edu \
--cc=git@vger.kernel.org \
--cc=jrnieder@gmail.com \
--cc=peff@peff.net \
--cc=sitaramc@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).