info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Repository access question...


From: Olav Lindkjølen
Subject: Re: Repository access question...
Date: Thu, 24 Jan 2002 23:40:46 +0100
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

Close, but I do not completely agree:

- Admin group cvs-- nobody else, create an unpriviledged admin role user cvs
- Set (almost, see next line) all files under $CVSROOT/CVSROOT to cvs:cvs
- set $CVSROOT to cvs:public 0750, $CVSROOT/history, val-tags to 0660
cvs:public - Each company has a separate, unique group
- Each company requiring access to "public" modules also be in the same
public group
- Set the group sticky bit on for each module, according to public/private
rules,
  that is 2770 for the (private) group.
- Users can change their own umask, but if you force it, do so to 027
- Set up the readers and writers acl's-- assuming you're using v1.10.8 or
higher.
  This will enable you to allow read-only checkouts of the public module(s).
  See cvs_acls.pl  in the contrib section of the sources for this.
- DO NOT use pserver-- under any circumstances as it's not safe.

Disclaimer: I think this is all...

=============================
Thanks for the detailed answer!

I have lived in a M$ Windoze env. for entirely too long now. Due to software development for clients I still have to do my work in Windoze, but i'm slowly catching up on my linux knowledge.

I'm not used to the linux file permission system. I learn new things every day! I have a server up and running here at the office that runs about every server there is just to learn how things work in Linux. Havent connected it to the net yet though. Have some cleaning up on the security to do before I do that. That's why I need help getting on the right track.

Ok, I think i get most of what you're saying. Probably have to read up on a couple of things, but most of it sounds understandable.

Now for the trick question: If I am not going to use pserver, what is the easiest to set up, and most secure? Remember, users thats going to work with the source have never seen CVS or any tool like it before. So I think about using Tortoise CVS for the day to day use from windoze because its easy to use. What about the alternative to pserver? SSH? Kerberos? Tunneling? (I recently learned alot of fancy words...(hehe) :-) I have SSH, CygWin, and Putty on my windoze box. Tortoise CVS comes with SSH via a DOS window...and you have to punch in the password for every CVS command. Thats not very user friendly for people totally blank on CVS and SSH and linux. Must be a better way (easier for the users).

Thanks again!
Olav!




reply via email to

[Prev in Thread] Current Thread [Next in Thread]