[svnbook] r5713 committed - branches/1.8/zh/book/ ch06-server-configuration.xml
wuzhouhui at users.sourceforge.net
wuzhouhui at users.sourceforge.net
Sun Jun 10 18:48:58 CDT 2018
Revision: 5713
http://sourceforge.net/p/svnbook/source/5713
Author: wuzhouhui
Date: 2018-06-10 23:48:56 +0000 (Sun, 10 Jun 2018)
Log Message:
-----------
1.8/zh: translation of chapter 6 in progress
Modified Paths:
--------------
branches/1.8/zh/book/ch06-server-configuration.xml
Modified: branches/1.8/zh/book/ch06-server-configuration.xml
===================================================================
--- branches/1.8/zh/book/ch06-server-configuration.xml 2018-06-08 13:48:10 UTC (rev 5712)
+++ branches/1.8/zh/book/ch06-server-configuration.xml 2018-06-10 23:48:56 UTC (rev 5713)
@@ -2667,6 +2667,7 @@
那么 <command>svnserve</command> 会认为所有的提交都来自被共享的
账户.</para>
+ <!--
<para>A final word of caution: giving a user access to the
server via public-key in a shared account might still allow
other forms of SSH access, even if you've set
@@ -2677,6 +2678,13 @@
To give the user as little permission as possible, you may
want to specify a number of restrictive options immediately
after the <literal>command</literal>:</para>
+ -->
+ <para>最后一点需要提醒的是: 如果一个用户可通过共享账户的公钥访问
+ 服务器, 即使在 <filename>authorized_keys</filename> 里设置了
+ <literal>command</literal>, 也可能仍然允许其他形式的 SSH 访问. 例如
+ 用户仍然能够通过 SSH 获取 shell 访问权限, 或者 X11 窗口, 或者一般
+ 性的端口转发. 为了使用户的权限尽可能得小, 在
+ <literal>command</literal> 后面添加一些限制选项:</para>
<informalexample>
<programlisting>
@@ -2685,6 +2693,7 @@
</programlisting>
</informalexample>
+ <!--
<para>Note that this all must be on one line—truly on
one line—since SSH <filename>authorized_keys</filename>
files do not even allow the conventional backslash character
@@ -2691,6 +2700,10 @@
(<literal>\</literal>) for line continuation. The only
reason we've shown it with a line break is to fit it on
the physical page of a book.</para>
+ -->
+ <para>注意上面的内容必须写在同一行内, 因为
+ <filename>authorized_keys</filename> 不支持通过反斜杠来实现行的
+ 延续, 例子里的换行只是为了方便排版.</para>
</sect3>
</sect2>
More information about the svnbook-dev
mailing list