info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patches: cvs --allow-root=/blah server


From: Jan Grant
Subject: Re: Patches: cvs --allow-root=/blah server
Date: Tue, 3 Apr 2001 09:57:13 +0100 (BST)

On Tue, 3 Apr 2001, Jan Grant wrote:

> On Mon, 2 Apr 2001, Larry Jones wrote:
>
> > Jan Grant writes:
> > >
> > > I'm a bit stumped as to where patches for this should go. We're looking
> > > at running CVS here using :ext:-mode access and ssh, and using sshd's
> > >
> > >         command="cvs --allow-root=/blah server"
> > >
> > > option to limit people to only runing CVS.
> >
> > Since sshd ends up running as the real user, why don't you just use Unix
> > permissions to restrict people to the appropriate repositories?
>
> In riposte, can I ask: why does pserver need --allow-root?
>
> (a) defense in depth; (b) paranoia; (c) it's simpler; (d) there's a
> limit to the number of groups that a person can be in*.

Oh, and POLA: --allow-root is listed as a "general option"; if it
doesn't apply to anything except pserver then it ought to be made a
pserver-specific option.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 address@hidden
Unfortunately, I have a very good idea how fast my keys are moving.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]