Re: twisted CVS

[Noel Yap]

--- Mark <address@hidden> wrote:
> 
> --- Noel Yap <address@hidden> wrote:
> 
> > Huh?  From my experience, there is no maintenance
> of
> > the SGID bit -- just set it and forget it (can I
> be
> > sued for using this phrase? :-)
> 
> I prefer users not have write access to the physical
> repository filesystem or
> have the repository dictate requirements on the user
> for access, such as
> requiring an OS account or belonging to a specfic
> group (especially as
> devlopers come and go between groups in the
> company). Maybe there isn't allot
> of maintenance setting up a SGID setup, but I prefer
> not to have to mess SGID
> setups, personal preference I guess.

This part is a personal preference.

OTOH, if one is talking about security and
hackability, accountability and tracability cannot be
discounted.  Using pserver eliminates any chances of
accountability and tracability which means that it is
insecure and hackable.

> > Moreover, since pserver doesn't run as the user,
> > tracability is compromised.  Somehow, pserver has
> to
> > know who is doing a checkin.  This information has
> to
> > come from the client.  Wouldn't clients be able to
> > spoof a username?
> 
> Don't know how to spoof a username, but all actions
> in the CVS repository are
> attributed to the logged in user, not to the
> non-root pserver account.

How is this done?  In the end, it's up to the client
to transfer that info over to the server.

> I know
> this isn't the absolute most possible secure setup
> of CVS, but the setup in on
> a intranet and users are trusted. I think this setup
> is sufficient to keep
> honest people honest.

I agree.  OTOH, the original poster was asking for
some way to limit the hackability of the repo.

Noel

__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com