I am writing a web application in which users are able to execute git, bzr, and hg commands on the server. Basically, a user writes the git/bzr/hg command into an HTML form, hits a button, the command is sent to the server, and executed in the directory the user owns.
How can I make this secure? I need to be able to execute a bash command which can only access and change one specific directory. And preferably, the directory in which the command is executed should not contain additional files. I think this is necessary for chroot.
As always with user input, check it before passing it further to any command.
You can try running the commands in a restricted shell (bash -r), which prevents a few things.
The safer, though more complex, solution is of course a chroot, or even better a virtual machine.
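One way to put the answer's first point ("check user input before passing it further") into practice is shown below. This is an added example, not code from the question or the answer: it parses the submitted command with shlex, accepts only an allow-list of (tool, subcommand) pairs and a small set of options, rejects absolute paths and `..` components so arguments cannot point outside the repository, and then runs the result with `subprocess.run(..., shell=False)` so no shell ever interprets the string. The allow-lists, the `RejectedCommand` exception, the `run_in_repo` helper and the minimal environment are all assumptions made for the example; widen them deliberately for a real deployment.

```python
from __future__ import annotations

import shlex
import subprocess
from pathlib import Path

# Constructed allow-list for this example: tool -> subcommands a user may run.
ALLOWED_SUBCOMMANDS = {
    "git": {"status", "log", "diff", "add", "commit", "branch", "checkout"},
    "hg": {"status", "log", "diff", "add", "commit", "branches", "update"},
    "bzr": {"status", "log", "diff", "add", "commit"},
}

# Options allowed to pass through (example set). Anything else starting with
# "-" is rejected, which also blocks "git -c ..." style tool options because
# the tool name must be followed directly by an allowed subcommand.
ALLOWED_OPTIONS = {"-m", "--message", "--oneline", "-a", "--all", "-b"}


class RejectedCommand(ValueError):
    """Raised when a submitted command fails validation."""


def validate(command: str) -> list[str]:
    """Return the argv for a submitted command, or raise RejectedCommand."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes and similar
        raise RejectedCommand(f"unparsable command: {exc}") from exc
    if len(argv) < 2:
        raise RejectedCommand("need a tool name and a subcommand")
    tool, sub, *rest = argv
    if tool not in ALLOWED_SUBCOMMANDS:
        raise RejectedCommand(f"tool not allowed: {tool}")
    if sub not in ALLOWED_SUBCOMMANDS[tool]:
        raise RejectedCommand(f"subcommand not allowed: {tool} {sub}")
    for arg in rest:
        if arg.startswith("-"):
            if arg not in ALLOWED_OPTIONS:
                raise RejectedCommand(f"option not allowed: {arg}")
            continue
        # Every other argument is treated as a path and must stay inside the
        # repository: no absolute paths, no ".." components. This is
        # conservative (a commit message is checked the same way).
        parts = Path(arg).parts
        if Path(arg).is_absolute() or ".." in parts:
            raise RejectedCommand(f"argument escapes repository: {arg}")
    return argv


def is_allowed(command: str) -> bool:
    """Convenience wrapper: True if validate() accepts the command."""
    try:
        validate(command)
    except RejectedCommand:
        return False
    return True


def run_in_repo(command: str, repo_dir: str, timeout: float = 30.0) -> subprocess.CompletedProcess:
    """Validate, then run the command inside repo_dir without a shell."""
    argv = validate(command)
    repo = Path(repo_dir).resolve()
    # Assumed minimal environment: a fixed PATH and a HOME that is not the
    # user's repository, so a user-supplied ~/.gitconfig is not picked up.
    env = {"PATH": "/usr/bin:/bin", "HOME": "/nonexistent"}
    return subprocess.run(
        argv,
        cwd=repo,
        shell=False,
        env=env,
        capture_output=True,
        text=True,
        timeout=timeout,
    )


if __name__ == "__main__":
    for cmd in ("git status", "git commit -m 'fix bug'", "git status; rm -rf /",
                "git log ../other-user", "git -c core.pager=id log", "bzr push"):
        print(f"{cmd!r:35} -> {'allowed' if is_allowed(cmd) else 'rejected'}")
```

Because the argv list goes to `subprocess.run` with `shell=False`, characters such as `;`, `|` or `$(...)` are passed to the tool as literal arguments rather than being interpreted, and the allow-list rejects them anyway when they are glued to the subcommand. Validation alone does not confine the tool, though: a `git commit` still runs whatever the repository's own `.git/hooks` contain, as the web server user. That is exactly the gap the answer's chroot or virtual-machine suggestion is meant to close, and it is why validation should be layered on top of one of those rather than used instead of them.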