[英]Can I give my team a private key for an ssh linux repository that limits access?
I have a linux repository in my school that allows me to access my own root.我在学校有一个 linux 存储库,它允许我访问自己的根目录。 Could I give my team a private key that only allows them to R/W on certain folders in my own directory?
我可以给我的团队一个私钥,只允许他们读/写我自己目录中的某些文件夹吗?
For instance I would have two folders like so: path/to/folder1 & path/to/folder2.例如,我会有两个这样的文件夹:path/to/folder1 & path/to/folder2。
Could I specify a specific private key to only having access to those two folders and nothing else?我可以指定一个特定的私钥来只访问这两个文件夹吗? In any other folder, an attempt to R/W would result in (access denied).
在任何其他文件夹中,尝试 R/W 将导致(访问被拒绝)。 They would be logging in as me, but the private key would default to this limited access.
他们将以我的身份登录,但私钥将默认为此受限访问。
Edit: Even better.编辑:更好。 All I really want them to be able to do is git merge main .
我真正希望他们能够做的就是git merge main 。 That's it.
就是这样。 I want them to be able to be inside of my root, and do the command git merge main.
我希望它们能够在我的根目录中,并执行命令 git merge main。 Only access I want them to have.
只有我希望他们拥有的访问权限。
Yes.是的。 You can use the
command
parameter in your authorized_keys
file for that.为此,您可以在
authorized_keys
文件中使用command
参数。 See AUTHORIZED_KEYS FILE FORMAT in https://man7.org/linux/man-pages/man8/sshd.8.html :请参阅https://man7.org/linux/man-pages/man8/sshd.8.html中的 AUTHORIZED_KEYS 文件格式:
command="command"
Specifies that the command is executed whenever this key is used for authentication.
指定只要使用此密钥进行身份验证就执行该命令。 The command supplied by the user (if any) is ignored.
忽略用户提供的命令(如果有)。 ... This option might be useful to restrict certain public keys to perform just a specific operation.
...此选项可能有助于限制某些公钥仅执行特定操作。 An example might be a key that permits remote backups but nothing else.
一个示例可能是允许远程备份但仅此而已的密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.