[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Using password file for pserver user authentication

From: Miller Dale Contractor HQ AFWA
Subject: RE: Using password file for pserver user authentication
Date: Fri, 15 Feb 2002 15:18:49 -0600

George Schlitz wrote:

> I am using the $CVSROOT/CVSROOT/passwd file to store login 
> information for
> many users who don't have user accounts on the unix server.
> Here are some examples:
> user1:rFw.zb2Ewn6..:cvsuser
> user2:Mb3Czoc1zMBrU:cvsuser
> user3:Mb3Czoc1zMBrU:cvsuser
> I am using several administrative files (taginfo, commitinfo 
> et. al.) to
> kick off scripts to perform various kinds of validation.
> In this example, $USER always expands to "cvsuser" in these 
> scripts.  Is
> there any way to determine the login name- for example, I 
> want to determine
> that the current user is "user1" so that I can differentiate 
> between my
> non-system-account cvs users.
> Are there any variables set that can provide this information 
> to the admin
> files?
> Basically, I want to be able to allow users to access the CVS 
> repository
> without having to manage unix logons, but still control 
> different levels of
> controls/permissions for these users on a module by module basis.
> Thanks!
> George


I restrict people from being able to commit to CVSROOT by using commitinfo.

I added the following line to commitinfo:
CVSROOT $CVSROOT/CVSROOT/commitinfo_ckuser -user=$USER

I added commitinfo_ckuser in checkoutlist so that it is available with the
other administrative files.

And my commitinfo_ckuser program looks like the following:
----------------------  < cut here > ----------------------------------
#!/usr/local/bin/perl -ws
# commitinfo_ckuser    D.Miller
#   called by commitinfo
#  $Id: commitinfo_ckuser,v 1.6 2000/09/20 16:06:46 miller Exp $
#  This program is called by $CVSROOT/CVSROOT/commitinfo
#  and is used to verify if user is authorized for changing CVSROOT
#  so that commit to CVSROOT files can be restricted
#  The logfile is not used at this time.

$user    = $ENV{"USER"} unless defined $user;
$CVSROOT = $ENV{"CVSROOT"} unless defined $CVSROOT;
$logfile = "$CVSROOT/CVSROOT/commitinfo_ckuser.log" unless defined $logfile;

print "\$CVSROOT=$CVSROOT\n";

%authorized = ($user =>0,        #prevent uninitialized variable
               'miller' =>1,     #authorized users for CVSROOT checkin
               'heuston' =>1,
               'cmbuild' =>1,
               'cmvmgr' =>1,
               'brodzell' =>1

($repository, @files) = @ARGV;

$ck_user = @ck_user = getpwnam $user;  # checking if user exists locally

if ($repository =~ /$CVSROOT\/CVSROOT/) {
    if (($authorized{$user} == 0) || ($ck_user == 0)) {
        print "You are not authorized to commit CVSROOT files.\n";
        exit 1;    # <<<<----------------------<<<<<<<<<<<

exit 0;            # <<<<----------------------<<<<<<<<<<<

# current date and time
$sec = $mday = $mday = $wday = $wday = $yday = $isdst = 0;  #not used
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =
$date = sprintf("%4d%02d%02s-%02d:%02d", ($year + 1900), ($mon + 1), $mday,

open(LOGFILE, ">>$logfile") or die "Cannot append to $logfile: $!\n";

print LOGFILE "$date $user $repository @files\n";

----------------------  < cut here > ----------------------------------
I currently have the log file code turned off.
This version has a hard coded list of authorized users, however, I have also
it by checking the users group.  This version also checks if a person has a
using:   $ck_user = @ck_user = getpwnam $user;  # checking if user exists

If none of your users have local accounts you could use that method and have
hard coded authorized list.

Dale Miller

reply via email to

[Prev in Thread] Current Thread [Next in Thread]