GNU Rush – a restricted user shell

6.5 svn

Remote access to SVN repositories is done via the svnserve binary, which is executed on the server with the -t option. The -r option can be used to restrict access to a subset of root directories. So, we can use the following rule:

rule svn
  match $command ~ "^svnserve -t"
  set command =~ "s|-r *[^ ]*||"
  # The trailing space keeps /svnroot separate from the arguments that follow.
  set command =~ \
      "s|^svnserve |/usr/bin/svnserve -r /svnroot |"

The first set command action removes any -r option the user might have specified, and the second enforces a single root directory. A more restrictive action, which discards the user-supplied command line entirely, can be used to improve security:

  set command =~ "s|.*|/usr/bin/svnserve -r /svnroot -t|"
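The following added example (not part of the Rush manual) replays both rewrites on constructed command lines to show why the restrictive action is safer: the removal expression has no g flag, so only the first -r is stripped. It assumes sed is an adequate stand-in for Rush's `set command =~` substitutions, keeps a space after /svnroot, and appends -t in the restrictive form; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sed stands in for Rush's "set command =~" transforms (assumption).

# First form of the rule: strip one -r option, then prepend the forced root.
loose_rule() {
    printf '%s\n' "$1" | grep -q '^svnserve -t' || return 1   # match $command
    printf '%s\n' "$1" |
        sed -e 's|-r *[^ ]*||' \
            -e 's|^svnserve |/usr/bin/svnserve -r /svnroot |'
}

# Restrictive form: the whole command line is replaced by a fixed one.
strict_rule() {
    printf '%s\n' "$1" | grep -q '^svnserve -t' || return 1   # match $command
    printf '%s\n' "$1" | sed -e 's|.*|/usr/bin/svnserve -r /svnroot -t|'
}

# Count root-directory options (-r or --root) left in a rewritten command.
count_roots() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -c -E '^(-r|--root)' || true
}

# Constructed sample requests, one per line.
samples='svnserve -t
svnserve -t -r /srv/a
svnserve -t -r /srv/a -r /srv/b'

printf '%s\n' "$samples" | while IFS= read -r cmd; do
    loose=$(loose_rule "$cmd")
    strict=$(strict_rule "$cmd")
    printf 'request: %s\n' "$cmd"
    printf '  loose : %s  (root options: %s)\n' "$loose" "$(count_roots "$loose")"
    printf '  strict: %s  (root options: %s)\n' "$strict" "$(count_roots "$strict")"
done
```

Any rewritten command that reports more than one root option still carries user-supplied arguments to svnserve, which is the condition the restrictive action rules out.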
