[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] End of an Era: shell access.

Also,

I've been converting one of Eike's cronjobs to a Jenkins job (which works now), but, according to Eike, last night his cronjob still ran. I need his cronjob to not run anymore. Does some action need to be taken for the cronjobs to stop running?

Regards,
Ed

On 29.08.2019 08:52, Eike Stepper wrote:
Am 27.08.2019 um 16:44 schrieb Matthew Ward:
Hi Ed,

 The restricted shell was originally created with the goal of providing committers a way to interact with the downloads/archive filesystems for releng activities, and version control systems without providing a general purpose shell. So naturally the command set available leans in that direction(mv,cp,mkdir,git etc).
Finding out what the restricted shell actually allows you to do is quite annoying, as it just kicks you out on forbidden commands. Is there an alternative way of discovering/indicating forbiddenness?

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper



We are certainly willing to discuss adding extra commands either temporarily or permanently, but I want to make it clear that the goal is not to reproduce bash.


-Matt.




On Mon, Aug 26, 2019 at 9:58 AM Ed Merks <ed.merks@xxxxxxxxx <mailto:ed.merks@xxxxxxxxx>> wrote:


 What will we be able to do in restricted shell? Using vi is a very basic activity. I suppose there must be some
 good reason why that's restricted? Earlier I was under the impression that such simple things would continue to
 work, but now I have to wonder. But then it was mentioned that things we discover needed could become unrestricted...



ÂÂÂ On 26.08.2019 15:35, Matthew Ward wrote:
ÂÂÂ Hi David,

ÂÂÂ Â Thanks for the questions.

ÂÂÂ Users with the restricted shell will have the same home directories that they do currently, which will remain the
 place for authorized keys. ÂYou won't be able to edit(vi/emacs/ed) files directly within the restricted shell,
 so you will need to upload them via scp/rsync. If you want a more 'interactive' type of access I'd suggest
ÂÂÂ looking into using libfuse, and specifically the sshfs file system.


 The restricted shell allows rsync, so there should be zero impact. If you'd like to test in advance, drop me a
ÂÂÂ line and I'll set you up.


ÂÂÂ -Matt.

ÂÂÂ On Sat, Aug 24, 2019 at 3:23 PM David Williams <david_williams@xxxxxxx <mailto:david_williams@xxxxxxx>> wrote:

ÂÂÂÂÂÂÂ On 8/23/19 14:24, Matthew Ward wrote:
ÂÂÂÂÂÂÂ Hi Everyone,

ÂÂÂÂÂÂÂ Â I just wanted to follow up with a reminder that on August 28th we will be moving committers that have an
ÂÂÂÂÂÂÂ actual shell on Eclipse.org to our restricted shell.


ÂÂÂÂÂÂÂ I'd like to thank both Donat and Etienne on the Buildship RelEng team who volunteered to test this change,
ÂÂÂÂÂÂÂ and helped me confirm that this change should be minimally disruptive.


ÂÂÂÂÂÂÂ If you have any questions, please let me know.

ÂÂÂÂÂÂÂ -Matt.


ÂÂÂÂÂÂÂ Thanks for the reminder.

ÂÂÂÂÂÂÂ Will those of use that still want to use 'scp' and similar still have a 'home directory' (on "build"?) and is
ÂÂÂÂÂÂÂ that still the place for .ssh/authorized_keys2? Or, does all that change with "restricted shell"?


ÂÂÂÂÂÂÂ If a change, can you point me to instructions on how to set that up? I would assume some form of "ssh-copy-id
ÂÂÂÂÂÂÂ hostname" but thought best not to assume and ask explicitly.


ÂÂÂÂÂÂÂ In case you are wondering, the use case, for using scp and similar is to download a number of builds to my
ÂÂÂÂÂÂÂ local machine (without going through web interfaces).
ÂÂÂÂÂÂÂ Now that I think of it, I currently use rsync via ssh, such as


ÂÂÂÂÂÂÂ Ârsync -a -e ssh ${committer_id}@build.eclipse.org:$ <mailto:committer_id%7D@xxxxxxxxxxxxxxxxx:$>{dlpath}
ÂÂÂÂÂÂÂ "${output_dir}"


ÂÂÂÂÂÂÂ Will that still work with a restricted shell? Or, will I need to convert to "scp"?

ÂÂÂÂÂÂÂ Thanks,


ÂÂÂÂÂÂÂ _______________________________________________
ÂÂÂÂÂÂÂ cross-project-issues-dev mailing list
ÂÂÂÂÂÂÂ cross-project-issues-dev@xxxxxxxxxxx <mailto:cross-project-issues-dev@xxxxxxxxxxx>
ÂÂÂÂÂÂÂ To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev



ÂÂÂ _______________________________________________
ÂÂÂ cross-project-issues-dev mailing list
ÂÂÂ cross-project-issues-dev@xxxxxxxxxxx <mailto:cross-project-issues-dev@xxxxxxxxxxx>
ÂÂÂ To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
ÂÂÂ _______________________________________________
ÂÂÂ cross-project-issues-dev mailing list
ÂÂÂ cross-project-issues-dev@xxxxxxxxxxx <mailto:cross-project-issues-dev@xxxxxxxxxxx>
ÂÂÂ To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev



_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev


_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev