bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new authentication mode


From: Derek Robert Price
Subject: Re: new authentication mode
Date: Wed, 31 Jul 2002 22:20:28 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606

Markus Grabner wrote:

Am Dienstag, 30. Juli 2002 00:12 schrieben Sie:
                                               [...] Our modified CVS
server checks for the system password if "+" is given in CVSROOT/passwd
instead of the encrypted password
Vielleicht uebersehe ich ja was, aber:

Fuer "echte" Benutzer sind doch gar keine CVSROOT/passwd-Eintraege noetig.
Die werden ganz normal ueber ihr System-Passwort authentifiziert.
(Es sei denn, CVSROOT/config sagt:   SystemAuth=No, das ist aber
eher ungewoehnlich.)
The question was what this is good for since "real" users are authenticated by their system password and don't need a CVSROOT/passwd entry.

That's right, but if more persons want to use the same archive and some access restrictions should apply on a per-propject basis, the recommended way in CVS to do so is to map the CVS user ids of all project membes to a unique system user. Currently this also requires to specify a password for each CVS user (or omit it to allow the user to access the repository without authentication). The new code makes it possible to map user ids (e.g., for project management purposes), but still to use system authentication. This avoids having to manually update the CVSROOT/passwd file each time a user changes its password. We faced some problems organizing several CVS projects at our site (different student classes, research projects etc.). Our first attempt was to use Unix' standard user/group management, but this failed since CVS doesn't care about group ids (unlike, e.g., Samba, which does a perfect job on this). Indeed, I

I'm not quite sure what you're talking about. CVS handles UNIX group IDs just fine, though on Linux systems you have to set the directory setgid bit for the repository. `man chmod' for more, but basically, `chmod g+s', and then use UNIX groups as you'd probably expect. From <http://www.cvshome.org/docs/manual/cvs_2.html#SEC13>:

All `,v' files are created read-only, and you should not change the permission of those files. The directories inside the repository should be writable by the persons that have permission to modify the files in each directory. This normally means that you must create a UNIX group (see group(5)) consisting of the persons that are to edit the files in a project, and set up the repository so that it is that group that owns the directory. (On some systems, you also need to set the set-group-ID-on-execution bit on the repository directories (see chmod(1)) so that newly-created files and directories get the group-ID of the parent directory rather than that of the current process.)


Derek

--
               *8^)

Email: address@hidden
Public key available from www.keyserver.net - Key ID 5ECF1609
Fingerprint 511D DCD9 04CE 48A9 CC07  A421 BFBF 5CC2 56A6 AB0E

Get CVS support at http://ximbiot.com
--
"I tried to think but nothing happened!"
           - Curly






reply via email to

[Prev in Thread] Current Thread [Next in Thread]