Reputation: 13
I am using Bitbucket Pipelines for CI/CD for our Laravel projects. I have successfully set up my Bitbucket pipelines to automatically deploy to our DigitalOcean VPS: the pipelines first SSH into our server and then execute the deploy.sh shell script, already present on the VPS, which pulls all the changes from the repo.
Now everything works perfectly, but I want to restrict the SSH users being used by the pipelines to only have access to the specific directory where the project is placed and not the entire server, as then all users will be able to run pipelines and upload a deploy.sh along with a push and execute commands on our server. Is there any way to protect our server against this and restrict SSH to a specific directory only?
Upvotes: 1
Views: 434
Reputation: 352
The common way of doing this in a multi-user system is a chroot jail. However, for a VPS you can simply create a new user for pipelines. Store your deploy.sh in the home directory of this user, and deploy the project in the home directory of the pipeline user as well.
Upvotes: 1
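
The dedicated-account setup suggested in the answer above, as an added example that is not part of the original thread. It goes one step beyond the answer by pinning the pipeline's key to deploy.sh with OpenSSH's `restrict` and `command=` key options; the account name `pipeline`, the `~/app` directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example; run on the VPS as root: sh setup.sh provision key.pub deploy.sh
# Assumed names, not from the thread: account "pipeline", project dir ~/app.
set -eu

DEPLOY_USER="${DEPLOY_USER:-pipeline}"
DEPLOY_HOME="/home/${DEPLOY_USER}"
NL='
'

# Print the authorized_keys entry for one public key.
# "restrict" disables PTY allocation and all forwarding; command= makes sshd
# run deploy.sh no matter what command the pipeline's SSH client requests.
authorized_keys_line() {
    case "$1" in
        # A second line would be installed as an unrestricted key.
        *"$NL"*) echo "expected exactly one key" >&2; return 1 ;;
    esac
    case "$1" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    printf 'restrict,command="%s/deploy.sh" %s\n' "$DEPLOY_HOME" "$1"
}

# Create the account, then install the deploy script and the restricted key.
provision() {
    # Validate the key before touching the system.
    entry=$(authorized_keys_line "$(cat "$1")")
    # No password is set, so the account is reachable by key only.
    useradd --create-home --home-dir "$DEPLOY_HOME" --user-group \
        --shell /bin/sh "$DEPLOY_USER"
    install -d -o "$DEPLOY_USER" -g "$DEPLOY_USER" -m 0750 "$DEPLOY_HOME/app"
    install -o "$DEPLOY_USER" -g "$DEPLOY_USER" -m 0750 "$2" "$DEPLOY_HOME/deploy.sh"
    install -d -o "$DEPLOY_USER" -g "$DEPLOY_USER" -m 0700 "$DEPLOY_HOME/.ssh"
    printf '%s\n' "$entry" > "$DEPLOY_HOME/.ssh/authorized_keys"
    chown "$DEPLOY_USER:$DEPLOY_USER" "$DEPLOY_HOME/.ssh/authorized_keys"
    chmod 0600 "$DEPLOY_HOME/.ssh/authorized_keys"
}

if [ "${1:-}" = "provision" ]; then
    provision "$2" "$3"
fi
```

The forced command limits what the key can start on the server; it does not limit what deploy.sh itself runs after pulling the repo.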