Locking down that CVS server

by Raffi Krikorian

I had to set up a repository for the class I'm TAing this year, and I bumped into this great Chrooted SSH CVS Server HOWTO (courtesy of the Google cache).

The niftiest part of the HOWTO is not the chroot jail (there are plenty of resources on how to set one up and even some interesting ones on how to possibly break out of them) -- but rather the idea of using smrsh as the default shell of a user to allow them to only use CVS and not log in.

smrsh is the restricted shell that Sendmail uses. When you want to execute an arbitrary command from your aliases file, Sendmail, by default, executes the command through smrsh, which will only run a command if that command is in smrsh's own command directory. Read this as a poor man's attempt at preventing arbitrary code from being run. What that document suggested, and I used, was to set the default shell of users to smrsh and then set up smrsh so that it is only allowed to execute a statically linked CVS binary. Voila! People can then tunnel CVS over SSH, but they cannot actually log into the machine.
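One way to check that this lock-down is actually in place, as an added example that is not from the HOWTO or the original post: it flags CVS accounts whose login shell is not smrsh and anything other than `cvs` in smrsh's command directory. The smrsh path `/usr/sbin/smrsh` is an assumption (it varies by platform), the function names are hypothetical, and the accounts and files are constructed sample data.

```shell
#!/bin/sh
# Added example: audit an smrsh-based CVS lock-down.
# Assumption: the smrsh path and its command directory differ per platform,
# so both are passed in as arguments instead of being hard-coded.

# audit_shells PASSWD_FILE SMRSH_PATH USER...
# Print every listed account whose login shell is not smrsh.
audit_shells() {
    passwd_file=$1; smrsh=$2; shift 2
    for user in "$@"; do
        shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd_file")
        [ "$shell" = "$smrsh" ] || echo "SHELL $user ${shell:-missing}"
    done
}

# audit_cmddir DIR
# Print every entry in smrsh's command directory other than cvs;
# smrsh will run whatever is placed there, so extras widen the jail.
audit_cmddir() {
    for entry in "$1"/* "$1"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # skip unmatched globs
        name=${entry##*/}
        [ "$name" = cvs ] || echo "EXTRA $name"
    done
}

# Constructed sample data: one locked-down account, one with a real shell,
# one missing from passwd, and a stray "sh" in the command directory.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/smrsh"
    : > "$tmp/smrsh/cvs"
    : > "$tmp/smrsh/sh"
    cat > "$tmp/passwd" <<'EOF'
alice:x:1001:1001::/home/alice:/usr/sbin/smrsh
bob:x:1002:1002::/home/bob:/bin/bash
EOF
    audit_shells "$tmp/passwd" /usr/sbin/smrsh alice bob carol
    audit_cmddir "$tmp/smrsh"
    rm -rf "$tmp"
}

demo
```

An empty result from both functions means every listed account is confined to smrsh and smrsh can only run `cvs`.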

Anyway, I thought it was cool.