[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security setup

From: Phil R Lawrence
Subject: Re: Security setup
Date: Tue, 17 Dec 2002 11:38:46 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020826

Larry Jones wrote:
Phil R Lawrence writes:

Perhaps I'm naive, but the recent posts describing local accounts (e.g. cvsphil) with no shell and ssh access to only the cvs command sound promising.

Do you see anything specifically flawed with this approach?

Once you're connected to a pserver, it's a fairly simple process to get
it to execute arbitrary commands for you; giving someone pserver access
is equivalent to giving them shell access.

Right... so this approach does not use pserver. Developers SSH to special user accounts with no shell. SSH is set up to only allow the cvs command. Access rights to various projects are determined by group membership instead of by pserver.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]