[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ssh authentication; readers/writers/passwd

From: Brandon Craig Rhodes
Subject: Re: ssh authentication; readers/writers/passwd
Date: 09 Jul 2002 16:25:55 -0400
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Common Lisp)

Chris Palmer <address@hidden> writes:

> Under [the pserver] model, is all access controlled solely via the
> unix system permissions, or can I also control things with the
> CVSHOME/readers, writers, passwd files?  I am hoping that these are
> still used by CVS even if I'm not using the pserver authentication
> system.

Coming in through ssh normally dodges the CVS access control files.
Imagine how annoying this would become if your site wanted to offer
both ssh and pserver password access - you would have to duplicate the
same set of permissions in your Unix filesystem hierarchy and in the
`readers' and `writers' files!

If you are comfortable patching your CVS server, this is easy to
change.  The `readers' and `writers' files are consulted by the
server.c:check_command_legal_p(...) function whenever the variable
`CVS_Username' is set - which normally occurs only when using pserver,
when it finds an alias in the `passwd' file.  But you can simply
rewrite the function to use the user's login name instead if it finds
that `CVS_Username' is unset - this way, when he comes in through ssh,
he will still be searched for in `readers' and `writers'.

If you are willing to run such a modified server, but cannot write
this patch on your own, let me know and I will write and post a patch
to do it this evening.

Brandon Craig Rhodes               
Georgia Tech                                            address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]