Re: server->pserver proxy?

[Gary Funck]

On 01/25/08 06:19:12, Arthur Barrett wrote:
> 
> Is your question "How do I store two repositories on a server with
> different users able to access different repos?"
> 
> The simplest way to achieve that is with two --allow_root's and set the
> filesystem level ownership and permissions on the files.

I've got a pretty good handle on how --allow-root might work, and we
presently utilize users/groups to enforce some level of access control.

I prefer something like the pserver protocol because it has
per repository access control that is separate from the system's
idea of users and groups, and it makes it possible to manage
CVS access using CVS-related files/tools only.

> 
> If you need to get fancier then use the cvsacls script from the contrib
> directory.

I looked at that and a few other add ons.  Seemed somewhat clunky
and complex.

> 
> If you need to get fancier still then use CVSNT (free/GPL just like CVS
> and yes it runs on unix/linux/windows/mac) and use the 'chacl' command
> with ACLmode=normal.

OK.  I haven't looked into CVSNT.  Thanks for the tip.

> 
> Also: using pserver over the internet for write access is discouraged
> since the password is sent in plan text.

Understood, that's why I grativated towards a server->pserver
conversion.  The server side is accessed via the ssh and
the external network.  The pserver protocol is accessed only
on the internal network (this shares a similar philosophy with
with the ssh port forwarding to pserver solution).

> CVSNT has a 'sserver' protocol which is an encrypted version
> of pserver.

This sounds like it will fit the bill.  Thanks.

How well supported, and widely used is CVSNT?  It doesn't
seem to be readily available via the usual collection of
repositories as an FC8 rpm for example.

  - Gary