RE: CVS access control

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS access control

From:	Andrew McGhee
Subject:	RE: CVS access control
Date:	Thu, 27 Sep 2001 16:09:27 +0100

Is this of use to this argument?
http://members.home.net/minyard/cvs-thoughts.html

We've found Corey's ACL patches work well for what we want - but we still
don't have a good "encrypted" connection yet to our server (pserver
operation,
this allows us to keep the CVS server running as "non-root", and keeps
accounts
off the unix machine itself)

I'm keen to hear what is recommended, we where toying with
the idea of SSH tunnelling to a pserver CVS server - if this is
even possible - ?

Regards,
Andrew

-----Original Message-----
From: address@hidden [mailto:address@hidden
Sent: 27 September 2001 02:22
To: address@hidden
Subject: Re: CVS access control


[ On Thursday, September 27, 2001 at 03:04:22 (+0400), Tobias Brox wrote: ]
> Subject: Re: CVS access control
>
> I'd say it would even be better off without password authentication at all
> (and use pserver only where public access is wanted).

Me too!   :-)  [[ PLEASE!!!! ]]

> Sorry for beeing unclear.  pserver and ssh does the authentication (who
are
> you?).  When I say "access control", I'm thinking of authorization (who
> should be able to do what).  I do think that authentication is out of the
> scope of CVS (ok, pserver _is_ already a part of CVS ... but anyway ...). 

CVS is not a security tool -- it simply manages a bunch of files.  You
do not want to even think about trying to make CVS into a security tool
-- that would be bad design and any implementation would inevitably be
doomed to ultimate failure since it could not, by definition, meet the
design goals.

I.e. CVS has no business doing anything related to access control,
authentication, authorisation, or anything related.

Use your OS to implement security policy and CVS will (have to) honour
your policy -- why make it any more complicated than that, since that's
all that's really necessary.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>     <address@hidden>
Planix, Inc. <address@hidden>;   Secrets of the Weird <address@hidden>

_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs

[Prev in Thread]

Current Thread

[Next in Thread]

Re: CVS access control, (continued)
- Re: CVS access control, yap_noel, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/26
  - Re: CVS access control, Tobias Brox, 2001/09/26
    - Re: CVS access control, Greg A. Woods, 2001/09/26
  - Re: CVS access control, Greg A. Woods, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/26
  - Re: CVS access control, Greg A. Woods, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/27
- RE: CVS access control, Andrew McGhee <=
  - Re: CVS access control, Tobias Brox, 2001/09/27
  - RE: CVS access control, Greg A. Woods, 2001/09/27
- Re: CVS access control, Tobias Brox, 2001/09/27
  - Re: CVS access control, Greg A. Woods, 2001/09/27
    - Re: CVS access control, Tobias Brox, 2001/09/28
    - Re: CVS access control, Greg A. Woods, 2001/09/28
    - Re: CVS access control, Tobias Brox, 2001/09/29
    - Re: CVS access control, James Youngman, 2001/09/29
- RE: CVS access control, Andrew McGhee, 2001/09/27
  - Re: CVS access control, Tobias Brox, 2001/09/27

Prev by Date: Re: get conflict files
Next by Date: Re: AW: loginproblem using the pserver-method
Previous by thread: Re: CVS access control
Next by thread: Re: CVS access control
Index(es):
- Date
- Thread