info-cvs

Re: Security options :-(


From: Todd Denniston
Subject: Re: Security options :-(
Date: Tue, 17 Dec 2002 10:28:50 -0500

Phil R Lawrence wrote:
> 
> Satya Prasad DV wrote:
> >
> > At 02:32 PM12/17/2002, Mike Ayers wrote:
> >
> > > Here's a bit of a challenge for the list.  We need to set up
> > > a CVS repository on a Linux server such that the users can't
> > > modify the files, except through proper CVS operations.  The
> > > catch?  They are currently permitted to log into the server.
> >
> > The cvs user id and group id need to be different from all
> > other login users. And set permissions for repository such
> > that the cvs user and group only are given write
> > permissions. This should suffice.
> 
> And then what?  Use pserver to map the existing user ids to the cvs id?
> 
> I have been trying to figure out a secure way to set this thing up, but
> each way seems to have big drawbacks.
> 
> Method 1
>    description:
>    - users SSH into existing accounts.
>    - repository has group permissions that allow users to
>      check in and out, etc.
> 
>    drawback:
>    - users can modify the history files, because they are
>      located in the same dir as source files.  Audit function
>      is thus compromised.

If I have understood Greg correctly, this drawback can be nullified by telling
SSH to only let you execute one command, 'cvs'.  man sshd, search for
'command='.


And combine that with filesystem permissions (and ACLs?) on each of the
modules/directories/CVSROOTs to get finer granularity of your access control.

-- 
I'd crawl over an acre of 'Visual This++' and 'Integrated Development
That' to get to gcc, Emacs, and gdb.  Thank you.
        -- Vance Petree, Virginia Power
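
The `command=` restriction described above, as an added example that is not part of the original message. The wrapper path `/usr/local/bin/cvs-only` and its function names are hypothetical, the key in the comment is a placeholder, and it assumes clients use `CVS_RSH=ssh` so that the request sshd receives is `cvs server`.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical wrapper installed as
# /usr/local/bin/cvs-only and named in each user's authorized_keys entry:
#
#   command="/usr/local/bin/cvs-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <user's-public-key-placeholder> user@host
#
# sshd runs the forced command instead of whatever the client asked for and
# passes the client's request in SSH_ORIGINAL_COMMAND.

# Return 0 only for the exact request a CVS client sends over ssh.
cvs_request_allowed() {
    case "$1" in
        "cvs server") return 0 ;;
        *)            return 1 ;;
    esac
}

# Print the decision for one request; non-zero status on refusal.
cvs_gate() {
    if cvs_request_allowed "$1"; then
        echo allow
    else
        echo deny
        return 1
    fi
}

# Act only when installed under the hypothetical name cvs-only.
case "${0##*/}" in
    cvs-only)
        req=${SSH_ORIGINAL_COMMAND:-}
        if cvs_gate "$req" >/dev/null; then
            exec cvs server    # fixed argv; nothing from the client is passed on
        fi
        # Replace non-printable bytes before the request reaches syslog.
        safe=$(printf '%s' "$req" | tr -c '[:print:]' '?')
        logger -p auth.notice "cvs-only: refused ${USER:-unknown}: ${safe:-interactive login}"
        echo "This account is restricted to CVS access." >&2
        exit 1
        ;;
esac
```

The restriction holds only if users cannot rewrite their own `authorized_keys` and have no other login path (a password or an unrestricted key) that reaches a shell.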


