[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS, SSH, (Light) Security

From: Richard Caley
Subject: CVS, SSH, (Light) Security
Date: Thu, 07 Mar 2002 14:12:01 GMT
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/20.4 (Emerald)

[sorry if you see this twice, my first attempt seemed to go into
 nowhere at a time when my ISP ws having problems]

I have a repository which is, for firewall and other practical
reasons) accessible only by ssh (ie CVS_RSH=ssh and :ext: repository

I would like to give some people read only access. Preferrably only to 
some modules.

CVS provides no support, as it does for pserver.

I can't, so far as I can see, use file permissions, users need write
acess to the repository to make lockfiles etc all over the place.

The best temporary solution I have been able to come up with is a
combination of

        Give them ssh access with a restricted shell that only allows
        cvs seerver to be run.

        Create a commit test which fails for that user (Actually I do
        it based on groups).

This is ugly and only partially works. Eg they can play with tags and
probably other potentially damaging things. For the current user this
is not a problem, I am really only trying to prevent accidental
errors, but in future I think I am loikely to need more. 

Does anyone have a better solution?

Mail me as address@hidden        _O_

reply via email to

[Prev in Thread] Current Thread [Next in Thread]