Hi. On Wed, May 30, 2012 at 10:06:23AM +0200, Thorsten Glaser wrote: > On Tue, 29 May 2012, Olivier Berger wrote: > > > The available shells modifiable from the useredit.php page are defined > > after /etc/shells, but this should be something specific to > > fusionforge and not based on the base host's /etc/shell, IMHO, i.e. > > No. The content of /etc/shells should so totally be available > to use for users. Getting other things like anonsvnsh etc. > into that list can be done in some other place, but the base > shells should be available. > > (In Evolvisforge, we just push more elements onto the array.) >
FYI, I've just committed in upstream trunk (rev. 16016) a proposed set of changes that allow to set allowed shells in /var/lib/gforge/chroot/etc/shells if it exist and in /etc/shell if not, the possible shell choices for users. It also introduces a config ini variable that can be used to set the default shell (instead of an harcoded /bin/bash). It should be back-portable to 5.2, and I would feel much safer offering the ability to restrict easily the shells available to fusionforge users in Debian, wrt to wheezy's security. Hope this helps. Best regards, -- Olivier BERGER http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
