From e861551f7330a17f89f2b0704c906dd3451f8fbd Mon Sep 17 00:00:00 2001
From: Rafael Laboissiere <rafael@laboissiere.net>
Date: Thu, 21 Jan 2016 18:23:51 -0200
Subject: Allow the inclusion of RSA keys with read-only access

This is accomplished by using option 'command="..."' that precede the
key sting in the authorized_keys file.  The add-authorized-keys script
accepts now the -r option for enabling the inclusion of the option
above.

The included option is actually 'command="read-only"', which points to
a new script named read-only that is installed in the
git-shell-commands directory of the Git user's login directory.  This
is done in the add-git-user script.

Also, this commit makes some improvement in the code.  The
add-authorized-keys script has now a usage function and accepts a -h
option.  The add-git-user script has been better documented
---
 add-git-user | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'add-git-user')

diff --git a/add-git-user b/add-git-user
index 1f5eec1..84660cb 100755
--- a/add-git-user
+++ b/add-git-user
@@ -63,6 +63,21 @@ printf '%s\\n\\n' "provide interactive shell access."
 exit 128
 EOF
 chmod +x $nolog
+
+### Create the read-only script
+readonly=$gitshdir/read-only
+cat > $readonly <<EOF
+#!/bin/bash
+read -a tokens <<< "\$SSH_ORIGINAL_COMMAND"
+if [ "\${tokens[0]}" != git-receive-pack ] ; then
+    exec git-shell -c "\$SSH_ORIGINAL_COMMAND"
+else
+    exit 128
+fi
+EOF
+chmod +x $readonly
+
+### Adjust owner of git-shell-commands directory
 chown -R $user:$user $gitshdir
 
 ### Initialize the SSH directory
-- 
cgit v1.2.3