info-cvs

Re: Security issues


From: Rob Helmer
Subject: Re: Security issues
Date: Tue, 10 Apr 2001 11:50:43 -0700
User-agent: Mutt/1.2.5i

Hello,


Here is how I do it with SSH and no ACLs, just UNIX groups :

separate repository for separate groups, for example :
/var/cvs/db
/var/cvs/src
/var/cvs/doc

They are actually separate repositories with their own CVSROOT,
this way things like email notification will go to people who
care ;)

a db group, a dev group and a doc group would probably be
logical for the above.. perms would be 2770 or so for each
directory in each repository ( rwx,rws, )

Users who need access to a given repository are given a UNIX
account and are members of whatever group(s) they need to
be in.



HTH,
Rob Helmer

On Tue, Apr 10, 2001 at 10:02:36AM -0500, address@hidden wrote:
> Noel,
> 
> My group was recently enquiring into the possibility of implementing 
> some sort of CVS security. Would you mind giving some brief examples of 
> the kinds of things you can do with:
> 
> SSH
> ACLs
> 
> I'm just looking for a little more detail than you provide below. This 
> will help me get my research pointed in the right direction. Thanks
> 
> Chuck
> 
> 
> 
> > Depending on the details of your needs, you can look into the 
> > following:
> > 1. Use SSH.  This allows a secure (encrypted, authenticated, 
> > ...) login to the
> > CVS server.  You can also limit users to executing CVS only.
> > 2. Use file system ACLs.  This allows several different 
> > groups/users to have
> > different permissions (to control checkin/checkout) within 
> > the repository.
> > 3. Use separate repositories.  You've already mentioned this 
> > so I won't go into
> > it further.
> > 4. Use pserver.  I'm not too familiar with this approach but 
> > I've never run into
> > anything the above doesn't cover.
> > 
> > Noel
> > 
> > 
> > 
> > 
> > address@hidden on 2001.04.10 08:44:55
> > 
> > To:   address@hidden
> > cc:   (bcc: Noel L Yap)
> > Subject:  Security issues
> > 
> > 
> > 
> > 
> > 
> > Hello list,
> > 
> > now I have my CVS infrastructure growing bigger, several
> > departments are using it, and apparently there is a requirement
> > for security. I need to restrict departments also there will be
> > WebEdit interface running for more public people.
> > 
> > It's not clear how to implement security inside the CVS repository,
> > by using access lists? How to make CVS understand them?
> > I'd like to keep a single CVS server.
> > Also I'm not sure about possibility to have several repositories
> > on one server, it looks like the easiest way to go though.
> > 
> > Any experience doing this? Patches, scripts?
> > Help greatly appreciated!
> > 
> > -Nils J
> > 
> > 
> > 
> > 
> > 
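The per-group layout from Rob Helmer's message above, as an added example that is not part of the original thread: one function applies the group ownership and 2770 directory mode to a repository, the other reports anything that has drifted from it. The function names and the pairing of /var/cvs/src with the dev group in the usage comment are assumptions; only directory modes and group ownership are checked, since that is all the message specifies.

```shell
#!/bin/sh
# Added example (constructed): enforce and audit the per-group repository
# layout described above. REPO and GROUP are supplied by the caller.

# harden_repo REPO GROUP
# Hand the whole tree to GROUP, then set every directory to 2770:
# rwx for owner and group, nothing for others, and setgid so that new
# files and subdirectories inherit GROUP instead of the committer's
# primary group.
harden_repo() {
    chgrp -R "$2" "$1" &&
    find "$1" -type d -exec chmod 2770 {} +
}

# audit_repo REPO GROUP
# Print every directory whose mode is not exactly 2770 and every entry
# not owned by GROUP. Returns 0 when clean, 1 on findings, 2 on error.
audit_repo() {
    findings=$(find "$1" \( -type d ! -perm 2770 -o ! -group "$2" \) -print) || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use (assumed pairing): sh audit.sh /var/cvs/src dev
if [ "$#" -eq 2 ]; then
    audit_repo "$1" "$2"
fi
```

Run the audit from cron or after adding users to catch directories created with the wrong mode or group before they leak across repositories.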