[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security in cvs

From: Rob Helmer
Subject: Re: security in cvs
Date: Mon, 26 Mar 2001 08:38:00 -0800
User-agent: Mutt/1.2.5i


Well, CVSWeb can be configured to hide modules, and you can
restrict _access_ to a directory by using regular UNIX groups.

However, I don't think there's a way to hide a directory from
the client.

Also, note that the above will cause errors to be displayed on the
client everytime they do a top-level update or commit or tag.

If I want to restrict some files from some users and not from
others, I use UNIX groups and seperate modules, for example :

Let's say I have two groups, cvs and dev. All developers are
in both groups, everyone else is just in cvs.

The $CVSROOT is /var/cvs, I make these modules :

/var/cvs/dev ( only users in the dev group can access it )
/var/cvs/doc ( only users in the cvs group can access it, in other words 
everyone )

You can set up two CVSWeb CGIs, one that hides the dev dir
in it's conf file and one that doesn't ( maybe you could be
clever and use env variables to point to one of two conf
files instead of using two CGIs ;)

Put a password on the dev one and leave the doc one open.

If I understand your situation, this should help.
If I don't please explain.

Rob Helmer

On Mon, Mar 26, 2001 at 10:26:47AM -0000, address@hidden wrote:
> Hello! I have a problem with the secutity in cvs. I am using Red Had 
> Linux as server of cvs with ssh and wincvs on winnt as client. I use 
> cvsweb for see el repository in the web. All work well. My problem is 
> can control the permissions on the user. Permissions of read only or 
> permissions of write only. There are folder that it can be see it and 
> I want not to that it see it. Can you hel me?
> _______________________________________________
> Info-cvs mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]