[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patches: cvs --allow-root=/blah server
From: |
Jan Grant |
Subject: |
Re: Patches: cvs --allow-root=/blah server |
Date: |
Tue, 3 Apr 2001 09:57:13 +0100 (BST) |
On Tue, 3 Apr 2001, Jan Grant wrote:
> On Mon, 2 Apr 2001, Larry Jones wrote:
>
> > Jan Grant writes:
> > >
> > > I'm a bit stumped as to where patches for this should go. We're looking
> > > at running CVS here using :ext:-mode access and ssh, and using sshd's
> > >
> > > command="cvs --allow-root=/blah server"
> > >
> > > option to limit people to only runing CVS.
> >
> > Since sshd ends up running as the real user, why don't you just use Unix
> > permissions to restrict people to the appropriate repositories?
>
> In riposte, can I ask: why does pserver need --allow-root?
>
> (a) defense in depth; (b) paranoia; (c) it's simpler; (d) there's a
> limit to the number of groups that a person can be in*.
Oh, and POLA: --allow-root is listed as a "general option"; if it
doesn't apply to anything except pserver then it ought to be made a
pserver-specific option.
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 address@hidden
Unfortunately, I have a very good idea how fast my keys are moving.