[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: restrict access to modules/repositories in cvsweb
From: |
Martin Neitzel |
Subject: |
Re: restrict access to modules/repositories in cvsweb |
Date: |
Thu, 2 Nov 2000 21:56:33 +0100 (CET) |
DR> I've set up several repositories and installed cvsweb to browse them.
DR> In CVS (client/server) the access to the repositories is restricted to
DR> project groups. The access to cvsweb is controlled via apache. By this
DR> way cvsweb can recognize the user's identidy, but I can't differ
DR> between all the repositories.
In particular, the cvsweb cgi is still running as "the apache daemon",
not the (identified) user.
DR> Is there a way to restrict cvsweb's access to these repositories, e.g.
DR> by checking the repository's CVSROOT/passwd file?
I'd say: By all means, don't even try to go that route.
The common Apache add-on "suexec" might be the best answer for your problem, but
since these things should be done only when necessary, here are some second
thoughts from my side:
I must also that a little bit surprised by this kind of request.
In my eyes, cvsweb is not at all the tool of choice for "project
members". For a start, you can only "diff" single files, not entire
(sub) projects.
Cvsweb.cgi is fine for undiscriminated read-only browsing
of a repository;
cvsweb.cgi is fine for answering the occassional question
about process on a specific problem in a huge project (like,
say, an entire BSD system) where you cannot afford to
checkout the entire tree and browsing is just fine;
cvsweb.cgi is fine for giving people a (partial) glimpse
of CVS's capabilities.
cvsweb.cgi is fine for suckering people into using the Real
Thing: cvs.
I may be totally wrong, but maybe you are just barking up the wrong tree?
Martin Neitzel