[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Using password file for pserver user authentication
From: |
Miller Dale Contractor HQ AFWA |
Subject: |
RE: Using password file for pserver user authentication |
Date: |
Fri, 15 Feb 2002 15:18:49 -0600 |
George Schlitz wrote:
> I am using the $CVSROOT/CVSROOT/passwd file to store login
> information for
> many users who don't have user accounts on the unix server.
>
> Here are some examples:
> user1:rFw.zb2Ewn6..:cvsuser
> user2:Mb3Czoc1zMBrU:cvsuser
> user3:Mb3Czoc1zMBrU:cvsuser
>
> I am using several administrative files (taginfo, commitinfo
> et. al.) to
> kick off scripts to perform various kinds of validation.
> In this example, $USER always expands to "cvsuser" in these
> scripts. Is
> there any way to determine the login name- for example, I
> want to determine
> that the current user is "user1" so that I can differentiate
> between my
> non-system-account cvs users.
>
> Are there any variables set that can provide this information
> to the admin
> files?
> Basically, I want to be able to allow users to access the CVS
> repository
> without having to manage unix logons, but still control
> different levels of
> controls/permissions for these users on a module by module basis.
>
> Thanks!
> George
George,
I restrict people from being able to commit to CVSROOT by using commitinfo.
I added the following line to commitinfo:
CVSROOT $CVSROOT/CVSROOT/commitinfo_ckuser -user=$USER
I added commitinfo_ckuser in checkoutlist so that it is available with the
other administrative files.
And my commitinfo_ckuser program looks like the following:
---------------------- < cut here > ----------------------------------
#!/usr/local/bin/perl -ws
# commitinfo_ckuser D.Miller
# called by commitinfo
#
# $Id: commitinfo_ckuser,v 1.6 2000/09/20 16:06:46 miller Exp $
#
# This program is called by $CVSROOT/CVSROOT/commitinfo
# and is used to verify if user is authorized for changing CVSROOT
# so that commit to CVSROOT files can be restricted
#
# The logfile is not used at this time.
#
$user = $ENV{"USER"} unless defined $user;
$CVSROOT = $ENV{"CVSROOT"} unless defined $CVSROOT;
$logfile = "$CVSROOT/CVSROOT/commitinfo_ckuser.log" unless defined $logfile;
print "\$CVSROOT=$CVSROOT\n";
%authorized = ($user =>0, #prevent uninitialized variable
'miller' =>1, #authorized users for CVSROOT checkin
'heuston' =>1,
'cmbuild' =>1,
'cmvmgr' =>1,
'brodzell' =>1
);
($repository, @files) = @ARGV;
$ck_user = @ck_user = getpwnam $user; # checking if user exists locally
if ($repository =~ /$CVSROOT\/CVSROOT/) {
if (($authorized{$user} == 0) || ($ck_user == 0)) {
print "You are not authorized to commit CVSROOT files.\n";
exit 1; # <<<<----------------------<<<<<<<<<<<
}
}
exit 0; # <<<<----------------------<<<<<<<<<<<
# current date and time
$sec = $mday = $mday = $wday = $wday = $yday = $isdst = 0; #not used
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =
gmtime(time);
$date = sprintf("%4d%02d%02s-%02d:%02d", ($year + 1900), ($mon + 1), $mday,
$hour,
$min);
open(LOGFILE, ">>$logfile") or die "Cannot append to $logfile: $!\n";
print LOGFILE "$date $user $repository @files\n";
close(LOGFILE);
---------------------- < cut here > ----------------------------------
I currently have the log file code turned off.
This version has a hard coded list of authorized users, however, I have also
done
it by checking the users group. This version also checks if a person has a
local
account
using: $ck_user = @ck_user = getpwnam $user; # checking if user exists
locally
If none of your users have local accounts you could use that method and have
no
hard coded authorized list.
Dale Miller