Add (very experimental) caretaker-shell

2 files changed, 43 insertions, 0 deletions

diff --git a/examples/caretaker-shell b/examples/caretaker-shell
new file mode 100755
index 0000000..ce59a90
--- /dev/null
+++ b/examples/caretaker-shell
@@ -0,0 +1,23 @@
+#!/usr/bin/env zsh
+
+# Change this to your package root
+PKG_ROOT='/home/derf/var/packages_root'
+
+# Change this to the location of your pkglist script (if non-default)
+PKG_LIST=${PKG_ROOT}/pkglist
+
+args=(${(z)SSH_ORIGINAL_COMMAND})
+
+if [[ \
+	( \
+		$args[1] == ${PKG_LIST} && \
+		$args[2] == ${PKG_ROOT} \
+	) || ( \
+		$args[1] == 'git-'(upload|receive)'-pack' && \
+		$args[2] != *'../'* && \
+		$args[2] == \'${PKG_ROOT}/*\' \
+	) \
+]] {
+	args[2]=${args[2]//\'}
+	${args}
+}
diff --git a/man/7/caretaker-shell.pod b/man/7/caretaker-shell.pod
new file mode 100644
index 0000000..faac251
--- /dev/null
+++ b/man/7/caretaker-shell.pod
@@ -0,0 +1,20 @@
+=pod
+
+=head1 NAME
+
+caretaker-shell - Restricted shell for caretaker commands
+
+=head1 DESCRIPTION
+
+B<caretaker-shell> is designed to only execute commands required B<caretaker>.
+This is useful if you want to use B<caretaker> with ssh on untrusted hosts:
+Generate a SSH key and put it into your .ssh/authorized_keys prefixed by
+C<< command="/path/to/caretaker-shell" >>.
+This way, caretaker will work, but it won't be possible to gain actual SSH
+access to your host.
+
+=head1 WARNING
+
+This is an experimental feature, security flaws may be present. Use at own
+risk, and while you're at it you might also want to add a passphrase to your
+ssh keys.