[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security options :-(

From: Phil R Lawrence
Subject: Security options :-(
Date: Tue, 17 Dec 2002 08:44:26 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Satya Prasad DV wrote:

At 02:32 PM12/17/2002, Mike Ayers wrote:

>> Here's a bit of a challenge for the list.  We need to set up
>> a CVS repository on a Linux server such that the users can't
>> modify the files, except through proper CVS operations.  The
>> catch?  They are currently permitted to log into the server.

The cvs user id and group id need to be different from all
> other login users. And set permissions for repository such
> that the cvs user and group only are given write
> permissions. This should suffice

And then what?  Use pserver to map the existing user ids to the cvs id?

I have been trying to figure out a secure way to set this thing up, but each way seems to have big drawbacks.

Method 1
  - users SSH into existing accounts.
  - repository has group permissions that allow users to
    check in and out, etc.

  - users can modify the history files, because they are
    located in the same dir as source files.  Audit function
    is thus compromised.

Method 2
   - pserver via SSH

   - "any CVSpserver user can trivially spoof any other
     at several levels." --Greg A. Woods
     Thus audit function is again compromised.

Can anyone elaborate or correct this?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]