[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security issues
From: |
Rob Helmer |
Subject: |
Re: Security issues |
Date: |
Tue, 10 Apr 2001 11:50:43 -0700 |
User-agent: |
Mutt/1.2.5i |
Hello,
Here is how I do it with SSH and no ACLs, just UNIX groups :
seperate repository for seperate groups, for example :
/var/cvs/db
/var/cvs/src
/var/cvs/doc
They are actualy seperate repositories with their own CVSROOT,
this way things like email notification will go to people who
care ;)
a db group, a dev group and a doc group would probably be
logical for the above.. perms would be 2770 or so for each
directory in each repository ( rwx,rws, )
Users who need access to a given repository are given a UNIX
account and are members of whatever group(s) they need to
be in.
HTH,
Rob Helmer
On Tue, Apr 10, 2001 at 10:02:36AM -0500, address@hidden wrote:
> Noel,
>
> My group was recently enquiring into the possibility of implementing
> some sort of CVS security. Would you mind giving some brief examples of
> the kinds of things you can do with:
>
> SSH
> ACLs
>
> I'm just looking for a little more detail than you provide below. This
> will help me get my research pointed in the right direction. Thanks
>
> Chuck
>
>
>
> > Depending on the details of your needs, you can look into the
> > following:
> > 1. Use SSH. This allows a secure (encrypted, authenticated,
> > ...) login to the
> > CVS server. You can also limit users to executing CVS only.
> > 2. Use file system ACLs. This allows several different
> > groups/users to have
> > different permissions (to control checkin/checkout) within
> > the repository.
> > 3. Use separate repositories. You've already mentioned this
> > so I won't go into
> > it further.
> > 4. Use pserver. I'm not too familiar with this approach but
> > I've never run into
> > anything the above doesn't cover.
> >
> > Noel
> >
> >
> >
> >
> > address@hidden on 2001.04.10 08:44:55
> >
> > To: address@hidden
> > cc: (bcc: Noel L Yap)
> > Subject: Security issues
> >
> >
> >
> >
> >
> > Hello list,
> >
> > now I have my CVS infrastructure growing bigger, several
> > departments are using it, and aparently there is requirement
> > for security. I need to restrict departments also there will be
> > WebEdit interface running for more public people.
> >
> > Its not clear how to implement security inside CVS repository,
> > by using accesslists? How to make CVS understand them?
> > I'd like to keep singe CVS server.
> > Also I'm not sure about possibility to have several repositories
> > on one server, it looks like the easiest way to go though.
> >
> > Any experience doing this? Patches, scripts?
> > Help greatly appreciated!
> >
> > -Nils J
> >
> >
> >
> >
> >