[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: --allow-root and init via SSH

From: Stephan Feder
Subject: Re: --allow-root and init via SSH
Date: Thu, 13 Dec 2001 12:27:43 +0100

Hi Greg,

what I meant was specifying --allow-root on the server side. Otherwise
users could easily circumvent the restriction. If you specify :ext: on
the client side the ssh server just calls <login> -c 'cvs server'
(<login> is your shell as in /etc/passwd). What I did is entering my own
little program in /etc/passwd which, if called with the arguments
mentioned above executes 'cvs --allow-root <repository> server' but this
does not have any effect. There is a patch available for that problem
(just search the list archive) but AFAIK it is not incorporated into the
mainstream sources.


Gerhard Sittig wrote:
> On Tue, Dec 11, 2001 at 13:12 -0500, Larry Jones wrote:
> > Greg A. Woods writes:
> > >
> > > > Is --allow-root evaluated for "cvs server" in the current development
> > > > version, or is it at least on the todo list?
> > >
> > > Now you're really asking for trouble.  [ ... slight misreading :) ... ]
> >
> > He was speaking of the CVS --allow-root= option that specifies (for
> > pserver) what the allowable CVSROOT directories are.
> So, *is* the --allow-root option evaluated for the "cvs server"
> case?  I did a very quick test lately trying to restrict access
> to one of two repos but still was allowed to access both of them.
> Since I'm not absolutely positive that I did everything right,
> could somebody please verify or deny that it's worth to try this
> combo (":ext:" plus "--allow-root")?
> BTW:  This would be one reason less pushing people towards the
> :pserver: method.  And being ortoghonal(sp?) cannot be wrong. :>
> virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
> Gerhard Sittig   true | mail -s "get gpg key" address@hidden
> --
>      If you don't understand or are scared by any of the above
>              ask your parents or an adult to help you.
> _______________________________________________
> Info-cvs mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]