[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ANN: cvssh - secure ext-to-pserver bridge

From: Peter Ring
Subject: RE: ANN: cvssh - secure ext-to-pserver bridge
Date: Fri, 22 Feb 2002 10:28:16 +0100

Please share!

While we are at it, are there any practical way with CVS on Linux (i.e.,
without ACLs) to control access on a per-file basis?

We need to control access on files that cannot (i.e., CANNOT) be logically
arranged into disjunct directories. So I can't rely on the usual mechanism
with a number of project groups, sticky bits on directories in the
repository, and direcories and files owned by project groups.

Is *info scripts the way to go? It's easy enough to control commits, but I
can't find an obvious way to prevent checkout or update from getting
everything. Except by somehow controlling the group owner of each individual

This is not Fort Knox, mind you, we just have to take reasonable measures
that good citizens cannot compromise each other.

It would be a lot easier if I could rely on ACLs supported by the
filesystem. Oh, but wait; it comes to my mind that we do have servers
running a filesystem with ACLs ... It's just that we don't like them exposed
outside the firewall.

Kind regards
Peter Ring

-----Original Message-----
From: address@hidden [mailto:address@hidden Behalf Of
Douglas Finkle
Sent: 22. februar 2002 04:17
To: 'address@hidden'
Subject: RE: ANN: cvssh - secure ext-to-pserver bridge

Sorry, I've gotta jump in for a minute... Greg is right about
SSH v pserver, however.

<snip />

Well, key management is a bit of work, and so is setting up a
well hardened cvs server. The key mgmt part it's easily scripted.
If I had more than a dozen users that's what I'd advise scripting
the administration.

I'm actually completing a setup aas described, and will be happy
to share it w/ the list when I have a bit more time. I just wanted
to add my 0.02 in defense of the SSH solution. For an externally
facing server it's the only sane thing to do.


Info-cvs mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]