info-cvs

Re: how to implement user level security in cvs ?


From: Noel Yap
Subject: Re: how to implement user level security in cvs ?
Date: Wed, 15 May 2002 08:38:27 -0700 (PDT)

--- Muhammad Shakeel
<address@hidden> wrote:
> Thanks a lot for the quick and valuable reply. I
> implemented the ACL but
> did not implement ACLs at file level. Therefore at
> file level I had
> given read permission to others (r--r--r--) by
> setting CVSUMASK.

Be careful that you're not turning off file execute
bits for scripts.

> Therefore the folders also got the read permission
> in the others field. Can
> this read permission alone create any security
> risk?

Read perms for other is only a security risk if
the info within the repository is so confidential that
others on the system should not be able to see it.

> It seems without 
> execute permission on a folder no one can access the
> files inside that 
> folder.

Yes, as I think I stated in my previous email, execute
permissions will be necessary for anyone who needs
access to the repository.

> Yes, it is important to refresh the ACL after
> checkin, because CVS
> changes the file ownership and group information to
> the one who checked
> in the file.

File ownership doesn't matter, really (except for
being able to change file permissions).  The file
permissions are more important.

> Also the PreservePermission in
> CVSROOT/config file does 
> seems to be properly implemented.

Don't use it.  I think I've heard it's so bad that
it should be ripped out.

> The last paragraph of your reply shows that file-
> level ACLs are also
> required. Do we need to implement ACLs for files
> too? Is any
> reference script for loginfo ACLs available?

File-level permissioning is necessary to guarantee
that those that need read permissions get them (of
course, you could grant read permissions to everyone
if you don't think your stuff is that confidential). 
It's also important to preserve the execute bit (CVS
does this automatically for normal permissions, but
not for ACLs).

I'll see if I can dig up my script.

Noel
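
An added example, not part of the original message and not Noel's script: a read-only shell audit for the three permission points discussed above (directory execute bits, files readable by other, execute bits on RCS files). The function names are made up for illustration, and it inspects ordinary mode bits only, not ACL entries.

```shell
#!/bin/sh
# Added example: read-only permission audit of a CVS repository tree.
# Function names are hypothetical; only classic mode bits are checked.

# Directories where some class (user/group/other) has read but not
# execute: that class can list names but cannot open the files inside.
dirs_unreachable() {
    find "$1" -type d \( \
        \( -perm -400 ! -perm -100 \) -o \
        \( -perm -040 ! -perm -010 \) -o \
        \( -perm -004 ! -perm -001 \) \) -print
}

# Files readable by "other": only a concern when the repository
# contents are confidential with respect to other local users.
world_readable_files() {
    find "$1" -type f -perm -004 -print
}

# RCS files (*,v) whose owner still has execute while group or other
# has read without execute: the usual trace of a umask or permission
# reset that stripped the execute bit from a script.
exec_bit_dropped() {
    find "$1" -type f -name '*,v' -perm -100 \( \
        \( -perm -040 ! -perm -010 \) -o \
        \( -perm -004 ! -perm -001 \) \) -print
}

# Stand-alone use: sh audit.sh /path/to/repository
if [ "$#" -gt 0 ]; then
    echo "== directories readable but not searchable"
    dirs_unreachable "$1"
    echo "== files readable by other"
    world_readable_files "$1"
    echo "== RCS files with inconsistent execute bits"
    exec_bit_dropped "$1"
fi
```

Nothing is modified by the script; each function prints the matching paths, one per line, so the output can be reviewed before any chmod or ACL change is made.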





