Re: Server side programs

[Junio C Hamano <junkio@cox.net>]

Andreas Ericsson <ae@op5.se> writes:

> Are git-receive-pack and git-upload-pack the only two binaries that get 
> called directly over a SSH-tunnel?

There are git-ssh-fetch and git-ssh-upload which call each other
(and the older name pairs git-ssh-push and git-sh-pull do so as
well).  However, you do not have to use these commit walkers
over ssh; fetch-pack/upload-pack pair work quite well.

I think your question is "what is the absolute minimum set of
binaries you need to allow", so I think the two listed are
enough.  If you want to let your users coming over SSH *create*
a new repository on your machine, you would need a bit more,
though (namely, shell access to run mkdir and git-init-db).

> The reason I'm asking is that I'm adding support for userrelative paths 
> (git pull ssh://host:~user/somedir) and removing the possibilities to 
> use a compromised but limited account for finding out what other 
> useraccounts are available.

Sorry, it is not clear to me what you are adding.  I do this
regularly:

	$ git push kernel.org:git/
	$ git fetch kernel.org:git/

to push into and fetch from $HOME/git/ repository on the other
end.

Also I can do this already (assuming the other end hangs all
users under the same directory, presumably /home/$user):

	$ git fetch kernel.org:../torvalds/git/

Are you in addition trying to let me do this:

	$ git fetch kernel.org:~torvalds/git/

which would work even when ~torvalds == /home/torvalds and
~junio == /home2/junio, without having to tell people where
the user home directories are?

At one point, Linus posted an outline of "restricted login shell
for use with git over ssh".  I think you could start from there,
perhaps extend it so that it checks the binaries *and* pathnames
the user can specify (e.g. only under your own $HOME is allowed,
and no /../ in them, or something silly like that).