bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS server patch?


From: Derek Robert Price
Subject: Re: CVS server patch?
Date: Fri, 07 Mar 2003 15:59:20 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

address@hidden wrote:


On our site, we have been using group permissions to make direct repository access (bypassing pserver) impossible as well as keeping users out of CVSROOT.
-Joel



"Derek Robert Price" <address@hidden>

03/07/2003 09:42 AM

To: address@hidden, address@hidden cc: Subject: Re: CVS server patch?



address@hidden wrote:

> Derek,
>
>     I created a patch against ccvs 1.11.5 to permit a cvs password
> file to use system auth for real local users but still setuid for
> repository access.  This means that I can have passwd entries like...
> foo:+:cvsuser
> and user "foo" will still authenticate with the local system but run
> as cvsuser after authenitcation.
>
>   Would this be of use to anyone but me?


Why not just let the executable run as the user in system auth mode?  If
someone has the user's password, couldn't they get a shell account anyhow?


Okay, I don't see why not.  I still have a few questions, though:

Is "+" really consistently a cross platform retricted character in crypt output? What about the longer encryption strings some platforms use now that always start with $1$? Please include documentation links.

With your patch, what happens in the:

   username:+

case (no third field)?

Anyone else have a differing opinion? Keep in mind SystemAuth could still be turned off and maybe always required via the CVSROOT/config file.

Derek

--
               *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
--
I will not conduct my own fire drills.
I will not conduct my own fire drills.
I will not conduct my own fire drills...

         - Bart Simpson on chalkboard, _The Simpsons_






reply via email to

[Prev in Thread] Current Thread [Next in Thread]