info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with admin privileges


From: Julian Opificius
Subject: Re: Problem with admin privileges
Date: Mon, 27 Jun 2005 13:47:32 -0500
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

Larry Jones wrote:
Julian Opificius writes:

I'm not quite sure what you mean by "mapping" users.


Using the third field of the CVSROOT/passwd file to have the server run
as some user other than the actual user.

Yep, that's what I am/was doing.

I want each user to have his own login to the system, and I want to control access to CVS repositories on a per-user basis, which is why I use pserver.


There's no need to use pserver for that.  In fact, pserver is a giant
security hole that is best avoided.  Since you're giving your users ssh
access to the server anyway, the best thing for you to do is to use
:ext: mode with ssh rather than rsh (which should be the default if
you're running CVS 1.12).  Each user logs in as themselves and you can
then use ordinary file permissions to control who has access to what. See the manual for details:

        <https://www.cvshome.org/docs/manual/cvs-1.11.20/cvs_2.html#SEC13>

-Larry Jones

I have one more issue that affects my choice that I should have mentioned earlier. We are working in an FAA-regulated environment, and my CVS respository must be secure, in that nobody can impair the lifecycle data, and all accesses must be documented and controlled, i.e.e all accesses must be via the cvs server. This is why I chose pserver in the first place.

How can I maintain this level of integrity without pserver: keeping the repository itself inaccessible, while allowing write access through cvs?

j.






reply via email to

[Prev in Thread] Current Thread [Next in Thread]