[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: restrict access to modules/repositories in cvsweb

From: Martin Neitzel
Subject: Re: restrict access to modules/repositories in cvsweb
Date: Thu, 2 Nov 2000 21:56:33 +0100 (CET)

DR>     I've set up several repositories and installed cvsweb to browse them.
DR>     In CVS (client/server) the access to the repositories is restricted to
DR>     project groups. The access to cvsweb is controlled via apache. By this
DR>     way cvsweb can recognize the user's identidy, but I can't differ
DR>     between all the repositories.

In particular, the cvsweb cgi is still running as "the apache daemon",
not the (identified) user.

DR>     Is there a way to restrict cvsweb's access to these repositories, e.g.
DR>     by checking the repository's CVSROOT/passwd file?

I'd say:  By all means, don't even try to go that route.

The common Apache add-on "suexec" might be the best answer for your problem, but
since these things should be done only when necessary, here are some second
thoughts from my side:

I must also that a little bit surprised by this kind of request.
In my eyes, cvsweb is not at all the tool of choice for "project
members".  For a start, you can only "diff" single files, not entire
(sub) projects.

        Cvsweb.cgi is fine for undiscriminated read-only browsing
        of a repository;

        cvsweb.cgi is fine for answering the occassional question
        about process on a specific problem in a huge project (like,
        say, an entire BSD system) where you cannot afford to
        checkout the entire tree and browsing is just fine;

        cvsweb.cgi is fine for giving people a (partial) glimpse
        of CVS's capabilities.

        cvsweb.cgi is fine for suckering people into using the Real
        Thing: cvs.

I may be totally wrong, but maybe you are just barking up the wrong tree?

                                                        Martin Neitzel

reply via email to

[Prev in Thread] Current Thread [Next in Thread]