NetBSD Developer Documentation: Developer Restricted Shell Access

For security reasons, developer access on cvs.NetBSD.org has been restricted to the following commands:

Restricted Shell Commands

cvs server
passwd
pwstore
update_my_keys
rsync --server --daemon

Restricted Shell Commands

cvs server

This allows you to use CVS (CVS in client/server mode invokes cvs server on the remote side to do its processing).

passwd

This allows you to change your password interactively. Remember that you have to use ssh -t so that your password does not get echoed on the screen. This feature currently serves no purpose.

pwstore

This allows you to set your initial Kerberos password. Remember that you have to use ssh -t so that your password does not get echoed on the screen.

update_my_keys

This command allows you to manage your .ssh/authorized_keys file on cvs.NetBSD.org using RCS. You can feed it a new authorized_keys on stdin, and it will store the old file using RCS, and then install the new set of keys. It should be invoked as “ssh cvs.NetBSD.org update_my_keys”, with the new authorized_keys file passed to it on stdin. It will not accept null input (deletion of all keys) unless it is invoked as update_my_keys -d.

WARNING: The update_my_keys command replaces the current authorized_keys file. Any keys not in the file you supply will be deleted.

NOTE: The update_my_keys command only updates keys on cvs.NetBSD.org, not on any other TNF hosts.

Because there is a limit of line length on UNIX tty driver with line-editing enabled, it is safe to do “stty -icanon” to disable line-editing before invoking update_my_keys. Don't forget to re-enable line-editing by doing “stty icanon” in such a case.

If you make an error, you can ask the admin group to restore an older authorized_keys file for you. But because a restoration request needs to be signed by PGP, you must commit your PGP key to the repository before doing update_my_keys.

rsync --server --daemon

This command requires rsync 2.5.6 or newer. It allows you to run rsync in daemon mode over an SSH connection. Your login shell will adjust any rsync command line to force the use of an rsync daemon configuration file that will only allow you to read /cvsroot, using module name cvsroot. So, you invoke rsync like this (for example):

rsync -avS --delete -e ssh <login>@cvs.NetBSD.org::cvsroot/src .

This command will connect to cvs.NetBSD.org using ssh as user loginname, invoke the rsync daemon, and fetch the src subdirectory of the cvsroot module, which of course corresponds to /cvsroot/src.

If you want to rsync the entire repository, take care not to sync CVSROOT/history.*.xz and CVSROOT/commitlog.*.xz by specifying options --exclude 'history.*.xz' and --exclude 'commitlog.*.xz', unless you want to engage in historical studies. The sum of these files is >8.5GB.

Back to NetBSD Developer Documentation