|Subject:||RE: How 2 Secure the repository?|
|Date:||Mon, 11 Mar 2002 11:11:12 -0800|
> Environment: cvs 1.11.1p running on unix. Clients are mostly
> (in-house modifications to prevent password display on the
> plink for ssh connection.
Also, use Pageant on Windows. UNIX will require ssh-agent for
the same functionality.
> Developers have valid login on unix server and are
> members of the cvs and users groups.
> How do I protect the repository from developers modifying or
> deleting code directly without using cvs? Any protection scheme
> we've been able to think of either locks them out completely or
> has loop holes.
You take away login access. Do this by setting their hashed passwd
in /etc/shadow to "NP", and add a line to their SSH authorization file
on the server side to _only_ allow the command 'cvs server'. The
O' Reilly SSH book explains this pretty clearly.
|[Prev in Thread]||Current Thread||[Next in Thread]|