Re: Locking down CVSROOT
From: Mark E. Hamilton
Subject: Re: Locking down CVSROOT
Date: Fri, 23 Mar 2007 12:01:55 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.7.12) Gecko/20050920

Jeff,

Jeff Pream wrote:
> What is the correct way to tighten security in CVSROOT such that some
> in-house contractors would be able to check files out of some projects,
> but not be able to mess with any of the cvs scripts? There are some
> projects that I do not want the contractors to be able to get to, so for
> these I changed group permissions on the project directories within the
> repository.

What I would do is to first set the LockDir variable in the
CVSROOT/config file to somewhere world writable
(/var/lock/cvs/<repos_name> is what we use.)

Then, to make it so only the user could change the files, change the write
permissions on CVSROOT and its contents to be read-only for group and
others:

    cd <repos>
    chmod -R go-w CVSROOT

If you wanted to have more people than just the user to be able to
change those files, you could define a group that those privileged users
were a member of, set the group-id of CVSROOT and its files to that
group, then just make them read-only for others:

    cd <repos>
    chgrp -R some_admin_group CVSROOT
    chmod -R o-w CVSROOT

There are probably other approaches too, that others may chime in with.

--
----------------
Mark E. Hamilton
Orion International Technologies, Inc.
Sandia National Laboratory, NM.
505-844-7666
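
Added example, not part of the original message: a POSIX shell check that a repository matches the first variant described above (LockDir set to a world-writable directory, nothing under CVSROOT writable by group or others). The function names, the scratch layout built by `make_sample_repo`, and the choice to honour the last uncommented `LockDir=` line are assumptions of this example.

```shell
#!/bin/sh
# audit_cvsroot REPOS: print each finding; return 0 only if there are none.
audit_cvsroot() {
    repos=$1
    findings=0
    if [ ! -d "$repos/CVSROOT" ]; then
        echo "no CVSROOT directory under $repos"
        return 1
    fi

    # Nothing under CVSROOT may be writable by group or others.
    # Symlinks are skipped: their own mode bits carry no meaning.
    writable=$(find "$repos/CVSROOT" ! -type l \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$writable" ]; then
        printf 'writable by group/others:\n%s\n' "$writable"
        findings=1
    fi

    # LockDir must be set in CVSROOT/config and name a world-writable
    # directory. Assumption: the last uncommented assignment is the one used.
    lockdir=$(sed -n 's/^[[:space:]]*LockDir[[:space:]]*=[[:space:]]*//p' \
        "$repos/CVSROOT/config" 2>/dev/null | tail -n 1)
    if [ -z "$lockdir" ]; then
        echo "LockDir is not set in $repos/CVSROOT/config"
        findings=1
    elif [ -z "$(find "$lockdir" -prune -type d -perm -002 -print 2>/dev/null)" ]; then
        echo "LockDir $lockdir is missing or not world-writable"
        findings=1
    fi
    return "$findings"
}

# Constructed scratch repository: LockDir is set, but CVSROOT is still
# group-writable, so audit_cvsroot reports findings until chmod is applied.
make_sample_repo() {
    root=$(mktemp -d)
    mkdir -p "$root/repos/CVSROOT" "$root/lock"
    chmod 1777 "$root/lock"   # world-writable; sticky bit is this example's choice
    printf '# constructed sample\nLockDir=%s\n' "$root/lock" \
        > "$root/repos/CVSROOT/config"
    : > "$root/repos/CVSROOT/loginfo"
    chmod -R g+w "$root/repos/CVSROOT"
    echo "$root"
}
```

For the admin-group variant, drop `-perm -020` from the first `find` so that only write access for others is reported.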