[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: twisted CVS
|
From: |
Mark |
|
Subject: |
Re: twisted CVS |
|
Date: |
Wed, 14 Aug 2002 06:28:37 -0700 (PDT) |
--- Noel Yap <address@hidden> wrote:
> Huh? From my experience, there is no maintenance of
> the SGID bit -- just set it and forget it (can I be
> sued for using this phrase? :-)
I prefer users not have write access to the physical repository filesystem or
have the repository dictate requirements on the user for access, such as
requiring an OS account or belonging to a specfic group (especially as
devlopers come and go between groups in the company). Maybe there isn't allot
of maintenance setting up a SGID setup, but I prefer not to have to mess SGID
setups, personal preference I guess.
> Moreover, since pserver doesn't run as the user,
> tracability is compromised. Somehow, pserver has to
> know who is doing a checkin. This information has to
> come from the client. Wouldn't clients be able to
> spoof a username?
Don't know how to spoof a username, but all actions in the CVS repository are
attributed to the logged in user, not to the non-root pserver account. I know
this isn't the absolute most possible secure setup of CVS, but the setup in on
a intranet and users are trusted. I think this setup is sufficient to keep
honest people honest.
Mark
__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com