RE: New update to the CVS ACL patch to support user groups

[Noel L Yap]

>I see a difference between handing out a shell account that has write access to
>the repository directory structure and someone cracking pserver to give them a
>shell with such access. With pserver I have some assurance. However with people
>with real accounts with UNIX write access to the repository, I have no
>assurance. How do you track/monitor (in a prevent mode) activities of rm, cp,
>mv, vi, chmod, etc... in the repository for people who just login to the system
>and don't use CVS commands and have other legit reasons for being on the
>server?

I think you would log all file system write accesses to the repo.  I'm not a
sysadmin so I'm hoping Greg will supply the details.

Anyway, this is assuming you're not using SSH to limit their commands to CVS.
If you do so, it'll have the same features as pserver (except for the ease of
admin) but will have better security.

If you create your own RSH-like transport for CVS then you can limit commands to
CVS only (you can even hard code this limitation), forego security (as with
pserver), and gain easy admin.  Of course, depending on how well you know this
stuff, it may be a large initial investment.

>I have it setup now with pserver, readonly access to repository directory
>structure, no attempts made at preventing shell access to the server.

Then the only deterrent not to go with a shared SSH account solution would be
the initial learning curve.

>Having real accounts is fine by me, I prefer not to maintain the passwd file.
>But developers do not want them and the SA's would create them (in their own
>time), but would balk at having to maintain setup and onging changes to group
>memberships, then I would have to maintain sticky bits on new directories
>developers create all the time. With pserver I don't have to worry about sticky
>bits or group memberships (or even unix accounts ;).

SA's wouldn't have to maintain group accounts (except possibly for new users) if
you used ACL's.

The maintainance of ACL's and sticky bits can be done via a loginfo script.

I just found that the CygWin project uses pserver.  This probably doesn't say
much about its security, but it does provide a live site for hackers to try
their skills.

Noel



This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.