[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: File permissions (Was: Re: pserver vs. ssh - performance ...)

From: Noel L Yap
Subject: Re: File permissions (Was: Re: pserver vs. ssh - performance ...)
Date: Tue, 22 May 2001 13:00:49 -0400

I haven't been following this thread so forgive me if I repeat anything.

Along with standard file system permissioning, you may want to see if your file
system supports ACLs (man setfacl and getfacl for more info).

Also, if you use SSH, you can limit the server to CVS access only (see SSH docs
on how to do this), thereby preventing direct access to the repo.


Hugo van der Merwe writes:
> Now I wonder, as any of those users can modify any file in this
> structure, is "trust" the only way I can stop them from messing with my
> other projects?

The way you have things currently set up, yes.

> (Must I create a second repository with different "group
> ownership" for this?)

You don't have to go that far -- you can set the ownership of different
directories in a single repository so that only users in a particular
group can read and/or write them.

> Secondly, with any user being able to modify
> CVSROOT, as what user does the commands get executed, e.g. commit mails
> from commitinfo... these run as the user doing the commit I assume?

That's correct.

> That
> means any user can cause any other user to run an arbitrary command as
> himself... ?

That's also correct.  But CVSROOT is just a directory like any other
directory -- if you change it to be owned by a different group and only
give that group write privilege, then only memebers of that group will
be able to change the files in it.

-Larry Jones

I keep forgetting that rules are only for little nice people. -- Calvin

Info-cvs mailing list

This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]