bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cvs user, cvs password


From: Derek Robert Price
Subject: Re: cvs user, cvs password
Date: Tue, 13 Aug 2002 08:58:34 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606

Comments below.

Andrey Aristarkhov wrote:

Hi all!

Some years ago I had a lot of administering issues with users who wanted
to change their password for CVS. As a result I've wrote cvspassword
program to allow such users change password via web. After some period of time I've rewrite the program to add commands
"user" and "pass(word)" to cvs.

Find README file for my project at the bottom of this message. I can
also post my implementation files and patches to CVS code.

Regards,
Andrey Aristarkhov
BiTechnology
README file for cvs user/pass(word) commands
------------------------------------------------------------------------
----
 cvs user & cvs pass(word) commands implementation
 Author: Andrey Aristarkhov <address@hidden>
------------------------------------------------------------------------
----

Introduction
============

Usage: cvs user <[-a | -m | -d] username> [-u alias] [-p | -P password]
       -a|-m|-d        'add', 'modify' or 'delete' user respectively
       -u      Use "alias" to specify system user for cvs-user.
       -P      Use "password" to specify user password in a command
line OR
       -p      enter user password interactively


Usage: cvs password [username]
       If no "username" is given password will be set for the current
user
       "username"      Use it if you want to change password for the
specified user

CVS' command "user" is intended to simplify user management within CVS
repository. It works with administrative file $CVSROOT/CVSROOT/passwd to
add/delete/modify users.

CVS' command "password" is intended to allow users change their own
passwords to CVS repository. Note: "user" and "password" commands work
only
with CVS users listed in passwd file. There is no way to change password
for
system users by means of these commands.

These commands have simplest security restrictions and considerations:
0. There must be a user named "admin" in CVS repository who has full
rights to
modify users in the CVS repository.


Why add a new user? Why not use the UNIX `cvsadmin' group like the `cvs admin' command does: <http://www.cvshome.org/docs/manual/cvs_16.html#SEC119>?

Even better would be a permissions API that accepts some token representing the action (say a string "name"), and a list of data, then returns true or false and maybe an error message, but that's probably too much to hope for at the moment. :)

`cvs passwd' would be available to all users, so it makes sense that it be given a full command namespace, but does it make sense to make `cvs user' its own command rather than part of the the `cvs admin' command? You could use the existing `cvsadmin' group restriction for free then, I think.

Of course, if added, `user' should be restricted regardless of the existance of the `cvsadmin' group, so maybe the extra work would be necessary anyhow.

1. Only administrator can add and delete users.
2. Only administrator can change user alias.
3. User's password can be changed either by CVS Administrator or by a
person who
knows current user's CVS password.

Known issues
============
There is no way to add user "admin" to CVS' user list via cvs user
command.
This user should be added manually.

To-Do List
==========
1. Test cvs user & pass(word) command for various platforms. Current
version
is tested under FreeBSD 4.3-RELEASE.
2. "user" command should take additional paramters: Email and Name of
user to
add it to CVSROOT/notify admin file.
3. Write cvspasswd - standalone wrapper program around user/password
functions. (Currently is under development)

I'll add some more comments to the patches.

Derek

--
               *8^)

Email: address@hidden

Get CVS support at http://ximbiot.com
--
Man who run in front of car get tired.







reply via email to

[Prev in Thread] Current Thread [Next in Thread]