[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] End of an Era: shell access.

Eike,

 There is a built in 'help' function which will display the available commands.

Ed,

 I left cron jobs alone with the idea that people would ask for them to be removed once they had been moved elsewhere. Please file a bug and I'll get the job cleaned up.

-Matt,

On Thu, Aug 29, 2019 at 2:52 AM Eike Stepper <stepper@xxxxxxxxxx> wrote:
Am 27.08.2019 um 16:44 schrieb Matthew Ward:
> Hi Ed,
>
> Â The restricted shell was originally created with the goal of providing committers a way to interact with the
> downloads/archive filesystems for releng activities, and version control systems without providing a general purpose
> shell. So naturally the command set available leans in that direction(mv,cp,mkdir,git etc).
Finding out what the restricted shell actually allows you to do is quite annoying, as it just kicks you out on forbidden
commands. Is there an alternative way of discovering/indicating forbiddenness?

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper


>
> We are certainly willing to discuss adding extra commands either temporarily or permanently, but I want to make it
> clear that the goal is not to reproduce bash.
>
> -Matt.
>
>
>
>
> On Mon, Aug 26, 2019 at 9:58 AM Ed Merks <ed.merks@xxxxxxxxx <mailto:ed.merks@xxxxxxxxx>> wrote:
>
>  ÂWhat will we be able to do in restricted shell? Using vi is a very basic activity. I suppose there must be some
>  Âgood reason why that's restricted? Earlier I was under the impression that such simple things would continue to
>  Âwork, but now I have to wonder. But then it was mentioned that things we discover needed could become unrestricted...
>
>
>Â Â ÂOn 26.08.2019 15:35, Matthew Ward wrote:
>>Â Â ÂHi David,
>>
>>Â Â ÂÂ Thanks for the questions.
>>
>>Â Â ÂUsers with the restricted shell will have the same home directories that they do currently, which will remain the
>>  Âplace for authorized keys. ÂYou won't be able to edit(vi/emacs/ed) files directly within the restricted shell,
>>  Âso you will need to upload them via scp/rsync. If you want a more 'interactive' type of access I'd suggest
>>Â Â Âlooking into using libfuse, and specifically the sshfs file system.
>>
>>  ÂThe restricted shell allows rsync, so there should be zero impact. If you'd like to test in advance, drop me a
>>Â Â Âline and I'll set you up.
>>
>>Â Â Â-Matt.
>>
>>Â Â ÂOn Sat, Aug 24, 2019 at 3:23 PM David Williams <david_williams@xxxxxxx <mailto:david_williams@xxxxxxx>> wrote:
>>
>>Â Â Â Â ÂOn 8/23/19 14:24, Matthew Ward wrote:
>>>Â Â Â Â ÂHi Everyone,
>>>
>>>Â Â Â Â ÂÂ I just wanted to follow up with a reminder that on August 28th we will be moving committers that have an
>>>Â Â Â Â Âactual shell on Eclipse.org to our restricted shell.
>>>
>>>Â Â Â Â ÂI'd like to thank both Donat and Etienne on the Buildship RelEng team who volunteered to test this change,
>>>Â Â Â Â Âand helped me confirm that this change should be minimally disruptive.
>>>
>>>Â Â Â Â ÂIf you have any questions, please let me know.
>>>
>>>Â Â Â Â Â-Matt.
>>>
>>
>>Â Â Â Â ÂThanks for the reminder.
>>
>>Â Â Â Â ÂWill those of use that still want to use 'scp' and similar still have a 'home directory' (on "build"?) and is
>>Â Â Â Â Âthat still the place for .ssh/authorized_keys2? Or, does all that change with "restricted shell"?
>>
>>Â Â Â Â ÂIf a change, can you point me to instructions on how to set that up? I would assume some form of "ssh-copy-id
>>Â Â Â Â Âhostname" but thought best not to assume and ask explicitly.
>>
>>Â Â Â Â ÂIn case you are wondering, the use case, for using scp and similar is to download a number of builds to my
>>Â Â Â Â Âlocal machine (without going through web interfaces).
>>Â Â Â Â ÂNow that I think of it, I currently use rsync via ssh, such as
>>
>>Â Â Â Â ÂÂrsync -a -e ssh ${committer_id}@build.eclipse.org:$ <mailto:committer_id%7D@xxxxxxxxxxxxxxxxx:$>{dlpath}
>>Â Â Â Â Â"${output_dir}"
>>
>>Â Â Â Â ÂWill that still work with a restricted shell? Or, will I need to convert to "scp"?
>>
>>Â Â Â Â ÂThanks,
>>
>>
>>Â Â Â Â Â_______________________________________________
>>Â Â Â Â Âcross-project-issues-dev mailing list
>>Â Â Â Â Âcross-project-issues-dev@xxxxxxxxxxx <mailto:cross-project-issues-dev@xxxxxxxxxxx>
>>Â Â Â Â ÂTo change your delivery options, retrieve your password, or unsubscribe from this list, visit
>>Â Â Â Â Âhttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
>>
>>
>>Â Â Â_______________________________________________
>>Â Â Âcross-project-issues-dev mailing list
>>  Âcross-project-issues-dev@xxxxxxxxxxx <mailto:cross-project-issues-dev@xxxxxxxxxxx>
>>Â Â ÂTo change your delivery options, retrieve your password, or unsubscribe from this list, visit
>>Â Â Âhttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
>Â Â Â_______________________________________________
>Â Â Âcross-project-issues-dev mailing list
>Â Â Âcross-project-issues-dev@xxxxxxxxxxx <mailto:cross-project-issues-dev@xxxxxxxxxxx>
>Â Â ÂTo change your delivery options, retrieve your password, or unsubscribe from this list, visit
>Â Â Âhttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
>
>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev


_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev