
smd-restricted-shell added

Enrico Tassi 8 years ago
parent
commit
f958e37e9d
4 changed files with 52 additions and 1 deletions
  1. 2
    1
      Makefile
  2. 2
    0
      README
  3. 26
    0
      smd-restricted-shell
  4. 22
    0
      smd-restricted-shell.1.txt

+ 2
- 1
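--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ COPYRIGHT=© 2008-2011 Enrico Tassi <gares@fettunta.org>
 BINARIES=mddiff smd-applet
 MANPAGES1=mddiff.1 smd-server.1 smd-client.1 \
 	 smd-pull.1 smd-push.1 smd-loop.1 smd-applet.1 smd-translate.1 \
-	 smd-check-conf.1
+	 smd-check-conf.1 smd-restricted-shell.1
 MANPAGES5=smd-config.5
 HTML=index.html design.html hooks.html
 DESTDIR=
@@ -171,6 +171,7 @@ install-bin: $(BINARIES)
 	$(call install-replacing,smd-push,bin)
 	$(call install-replacing,smd-translate,bin)
 	$(call install-replacing,smd-check-conf,bin)
+	$(call install-replacing,smd-restricted-shell,bin)
 	$(call install-replacing,smd-loop,bin)
 	$(call install-replacing,smd-common,share/$(PROJECTNAME))
 	$(call install-replacing,syncmaildir.lua,share/lua/$(LUAV))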

+ 2
- 0
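--- a/README
+++ b/README
@@ -76,6 +76,8 @@ flexibility).
   performs a quick check that a setup, especially when it involves
   some folders renaming, actually works as expected. This tool is meant to
   be manually called by the user to check a given configuration file.
+- [`smd-restricted-shell`](smd-restricted-shell.1.html)
+  ...
 - [`smd-loop`](smd-loop.1.html) 
   runs runs smd-push and smd-pull at regular intervals as defined
   by the user in a configuration file, in the style of a crontab, but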

+ 26
- 0
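--- a/smd-restricted-shell
+++ b/smd-restricted-shell
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Released under the terms of GPLv3 or at your option any later version.
+# No warranties.
+# Copyright Enrico Tassi <gares@fettunta.org>
+
+set -e
+#set -x
+
+PREFIX="@PREFIX@"
+if [ `echo "$PREFIX" | cut -c -1` = "@" ]; then
+	echo "smd-restricted-shell not installed, assuming PREFIX=."
+	WHERE="./"
+else
+	WHERE="$PREFIX/bin"
+fi
+
+# check that SSH_ORIGINAL_COMMAND contains only
+# smd-client/smd-server
+C=`echo $SSH_ORIGINAL_COMMAND | cut -f 1`
+if [ "$C" != "$WHERE/smd-client" -a "$C" != "$WHERE/smd-server" ]; then
+      exit 1
+fi
+
+# we now run the smd command
+exec $SSH_ORIGINAL_COMMAND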
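Review bot: The allow-list check on new lines 20-21 does not look at the first word of the command: `cut -f 1` splits on TAB, and the unquoted `echo` has already collapsed all whitespace to single spaces, so `C` is the entire command line and only a bare `$WHERE/smd-client` or `$WHERE/smd-server` without arguments is accepted (whether arguments are expected is not visible in this commit). Sending the client-controlled string through `echo` also makes the result depend on how the local `echo` handles option-like words and backslashes, and the unquoted `exec` on line 26 applies pathname expansion to it, so the string that is checked and the words that are executed can differ. I would split the value once with globbing off, compare `"$1"`, and `exec "$@"`, as in the block below, which also records refusals instead of exiting silently. The 'not installed' message on line 12 should end in `>&2`, because stdout is presumably the stream the smd protocol runs over. Since `command=` only constrains what is executed, the key line documented in the man page would normally also carry `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty`.

```shell
# … unchanged: shebang, set -e, PREFIX/WHERE detection …

# Split the client-supplied command into words exactly once, with
# pathname expansion off, so the word that is checked is the word
# that gets executed.
set -f
set -- $SSH_ORIGINAL_COMMAND

case "$1" in
	"$WHERE/smd-client"|"$WHERE/smd-server")
		;;
	*)
		# A refused command on a restricted key is worth recording.
		logger -t smd-restricted-shell -p auth.notice \
			"refused command for user $(id -un)" || true
		echo "smd-restricted-shell: command not allowed" >&2
		exit 1
		;;
esac

exec "$@"
```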

+ 22
- 0
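--- a/smd-restricted-shell.1.txt
+++ b/smd-restricted-shell.1.txt
@@ -0,0 +1,22 @@
+NAME
+  smd-restricted-shell - restricted shell for smd
+
+SYNOPSIS
+  command="smd-restricted-shell" ssh-rsa ...
+
+DESCRIPTION
+  This utility is meant to be used in conjunction with an ssh key.
+  You can restrict the commands that are allowed to be executed on your
+  remote host when the login is performed using a particular ssh key.
+  Just prefix the line corresponding to that ssh key with
+
+    command="smd-restricted-shell"
+
+FILES
+  ~/.ssh/authorized_keys
+
+SEE ALSO
+  ssd(8)
+
+AUTHOR
+  Enrico Tassi <gares@fettunta.org>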
