svn+ssh://odyssey@core/u/odyssey/svn/odyssey/
/u/odyssey/.ssh/authorized_keys
with an extra prefix limiting the available shells to svnserve
and mapping your public key with the author name USER
that will be recorded in your commits.
command="svnserve -t --tunnel-user=USER" ssh-dss AAAA...
odyssey
home directory, another key pair should be created for the above Subversion access. Replace the user's default public key in the above authorized_keys
line with the new Subversion-only public key. The user's default public key should be added as another line without the command
prefix. (A custom home sub-directory may be arranged with the prefix command="exec ~odyssey/pub/bin/login -r $USER -e SSH_ORIGINAL_COMMAND"
). The following line should be added to the user's shell startup file, provided that ~/.ssh/svn_id_dsa{,.pub}
is the new Subversion-only key pair. The line should be activated by either executing it or logging in.
export SVN_SSH="ssh -i ${HOME}/.ssh/svn_id_dsa"
svn co svn+ssh://odyssey@core/u/odyssey/svn/odyssey/
ogsas
repository from Subversion clients is limited via files in /u/odyssey/svn/ogsas/conf/ and /u/odyssey/.ssh.
/u/odyssey/svn/ogsas/conf/authz: [groups] dev = odyssey,ijmorlan
/u/odyssey/.ssh/authorized_keys: command="svnserve -t --tunnel-user=USER" ssh-dss AAAA...= USER@HOST
ogsas
repository is performed on behalf of user odyssey
and is additionally limited by the ViewVC configuration file in /u/odyssey/lib/viewvc/viewvc.conf. (This became possible after making a custom change to the authorization code in ViewVC).
/u/odyssey/lib/viewvc/viewvc.conf [root-ogsas/authz-forbidden] forbidden = * superusers = USER1, USER2, ... [root-odyssey/authz-forbidden] forbidden = !*
/u/odyssey/lib/mailer/mailer.conf
. A custom change was made to the mailer script to avoid unnecessary notifications from ogsas/today
and to format the body of the message.
-- IsaacMorland
-- IlguizLatypov - 24 Aug 2007