Re: twisted CVS
From: Noel Yap
Subject: Re: twisted CVS
Date: Wed, 14 Aug 2002 05:38:45 -0700 (PDT)

--- Mark <address@hidden> wrote:
>
> --- Brandon Brinkley <address@hidden> wrote:
>
> > 1. Can CVS be made more hack-proof (e.g. owner
> permissions on RCS files in
> > the CVSROOT)?
>
> create a pserver account, a cvs admin account, a
> cvsrepo group and put only
> those two accounts in that group. run pserver as the
> non-root pserver account,
> create repos (775) with the cvsadmin account. now no
> accounts but these two
> accounts have access to the physical CVS repository
> structure. When you create
> the repo, chmod 755 the CVSROOT directory. All users
> must now use CVS (in
> pserver mode) to change anything in the repository,
> you can use the cvs admin
> account in local mode to change CVSROOT. Sure you
> have to maintain a passwd
> file, but I find that easier than maintaining a
> sticky bit/SGID/group balance
> in the repository.
Huh? From my experience, there is no maintenance of
the SGID bit -- just set it and forget it (can I be
sued for using this phrase? :-)
Moreover, since pserver doesn't run as the user,
traceability is compromised. Somehow, pserver has to
know who is doing a checkin. This information has to
come from the client. Wouldn't clients be able to
spoof a username?
Noel
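
An added example, not part of either poster's message: a shell audit that checks a repository tree against the modes given in the quoted reply (repository 775, CVSROOT 755). The function names `audit_cvs_repo` and `make_sample_repo`, the sample file names, and the group-consistency check (inferred from the "cvsrepo group" step) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a CVS repository tree against the quoted layout.
# Usage: sh audit.sh /path/to/repository

# Print one line per finding; return 0 if the layout matches, 1 if not.
audit_cvs_repo() {
    root=$1
    findings=0
    [ -d "$root/CVSROOT" ] || { echo "no CVSROOT under $root"; return 2; }

    # Repository root: 775 (owner and group rwx), never world-writable.
    if [ -z "$(find "$root" -prune -perm -775 ! -perm -002)" ]; then
        echo "root is not mode 775: $root"; findings=$((findings + 1))
    fi
    # CVSROOT: 755, so only the owning admin account can change it.
    if [ -z "$(find "$root/CVSROOT" -prune -perm -755 ! -perm -020 ! -perm -002)" ]; then
        echo "CVSROOT is not mode 755"; findings=$((findings + 1))
    fi
    # Nothing in the tree may be world-writable.
    ww=$(find "$root" ! -type l -perm -002)
    if [ -n "$ww" ]; then
        echo "world-writable: $ww"; findings=$((findings + 1))
    fi
    # Assumption: every entry carries the same group as the repository root.
    gid=$(ls -ldn "$root" | awk '{print $4}')
    stray=$(find "$root" ! -group "$gid")
    if [ -n "$stray" ]; then
        echo "group differs from root: $stray"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample tree (file names are made up) for trying the audit.
make_sample_repo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/CVSROOT" "$d/project"
    : > "$d/CVSROOT/passwd"
    : > "$d/project/main.c,v"
    chmod 775 "$d" "$d/project"
    chmod 755 "$d/CVSROOT"
    chmod 644 "$d/CVSROOT/passwd"
    chmod 444 "$d/project/main.c,v"
    printf '%s\n' "$d"
}

if [ "$#" -gt 0 ]; then audit_cvs_repo "$1"; fi
```

The audit only reports on file modes and group ownership; it says nothing about which user name pserver records for a commit.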