Re: ssh authentication; readers/writers/passwd

[Brandon Craig Rhodes]

Chris Palmer <address@hidden> writes:

> Under [the pserver] model, is all access controlled solely via the
> unix system permissions, or can I also control things with the
> CVSHOME/readers, writers, passwd files?  I am hoping that these are
> still used by CVS even if I'm not using the pserver authentication
> system.

Coming in through ssh normally dodges the CVS access control files.
Imagine how annoying this would become if your site wanted to offer
both ssh and pserver password access - you would have to duplicate the
same set of permissions in your Unix filesystem hierarchy and in the
`readers' and `writers' files!

If you are comfortable patching your CVS server, this is easy to
change.  The `readers' and `writers' files are consulted by the
server.c:check_command_legal_p(...) function whenever the variable
`CVS_Username' is set - which normally occurs only when using pserver,
when it finds an alias in the `passwd' file.  But you can simply
rewrite the function to use the user's login name instead if it finds
that `CVS_Username' is unset - this way, when he comes in through ssh,
he will still be searched for in `readers' and `writers'.

If you are willing to run such a modified server, but cannot write
this patch on your own, let me know and I will write and post a patch
to do it this evening.

-- 
Brandon Craig Rhodes                         http://www.rhodesmill.org/brandon
Georgia Tech                                            address@hidden