info-cvs

Re: CVS access control


From: yap_noel
Subject: Re: CVS access control
Date: Wed, 26 Sep 2001 13:23:12 -0400

>address@hidden - Wed at 10:45:50AM -0400]
>> I'm kind of against this, too, since branch-level permissions don't afford
>> security at all since the archive file is still writable.
>
>The pserver method is, as for now, the only one that can offer any real
>access controls.  As I understood, cvs users could only access the box in
>question through cvs.

I see nothing wrong with SSH.  Also, from what I've heard, pserver is not
secure.

>cvs.SourceForge.org has also solved this problem somehow; people logging in
>(through ssh) are only allowed to use cvs.

Exactly, SSH affords better security than pserver.

>Another option is setuid'ness.  CVS is not currently constructed for it,
>anyway it can be considered.

I've tried this (on an experimental basis) and had no problems whatsoever.
But then, how do you control who is able to execute this setgid (I wouldn't
use setuid) cvs?  I used file system ACLs.

>ACL is a bit on the edge, but it could certainly be considered to be within
>the scope of an advanced version control system.  A paranoid system manager
>certainly would not give write permission on the ,v-files to ordinary users.
>They should only be operated through cvs.

I don't think ACLs in this respect should be within the domain of the
version control tool.

I think you don't fully understand how CVS treats file system permissions.
Although permissions on ,v files play some role, the permissions on the
directories are way more important.  The reason is that a new ,v file is
created each time the file is checked in.  I think the permissions on the
new archive file are controlled by the users' umask.

>> The "right" way to do what you want (although I'll admit it's more
>> difficult) is to create a file system that supports versioning.
>
>I wouldn't go there.  Logging transactions (thus offering a rollback
>possibility to any given timestamp), just like for a database, could be
>within the scope of a file system.  Complex version control, like cvs
>offers, is IMHO a bit out of file system scope.  Or maybe not?  Hm!

ClearCase is one example of versioning through the file system.

Noel
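
The point above about directory permissions versus permissions on the ,v file, as an added example that is not part of the original post and does not run cvs: a temp directory stands in for a repository directory, and the function names and the `,NAME,` temp file name are assumptions of the demo. It replaces a read-only archive by writing a new file and renaming it into place, then repeats the attempt with write permission removed from the directory.

```shell
#!/bin/sh
# Constructed demo: a temp directory stands in for one CVS repository
# directory; no cvs binary or real repository is involved.

# Symbolic mode of a file, e.g. -r--r--r--
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create a stand-in repository directory with one read-only archive file.
make_repo() {
    repo=$(mktemp -d) || return 1
    printf 'revision 1.1\n' > "$repo/foo.c,v"
    chmod 444 "$repo/foo.c,v"
    echo "$repo"
}

# Check-in as the post describes it: write a new archive next to the old
# one, then rename it into place. The old ,v file is never opened for
# writing, so only write permission on the directory is needed.
# The temp name ",NAME," is an assumption of this demo.
replace_archive() {
    tmp="$1/,$2,"
    printf '%s\n' "$3" > "$tmp" || return 1
    mv -f "$tmp" "$1/$2,v"
}

demo() {
    umask 027                               # the committing user's umask
    repo=$(make_repo) || return 1
    echo "before: $(mode_of "$repo/foo.c,v") $(cat "$repo/foo.c,v")"
    if replace_archive "$repo" foo.c 'revision 1.2'; then
        echo "after:  $(mode_of "$repo/foo.c,v") $(cat "$repo/foo.c,v")"
    fi
    chmod 555 "$repo"                       # take write away from the directory
    if replace_archive "$repo" foo.c 'revision 1.3' 2>/dev/null; then
        echo "directory r-x: replaced (expected only when run as root)"
    else
        echo "directory r-x: check-in refused"
    fi
    chmod 755 "$repo" && rm -rf "$repo"
}

demo
```

In the demo the replacement file's mode comes from the umask because the shell creates it; the read-only bit on the old archive does nothing to stop the replacement.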



