Re: security question

[Phil R Lawrence]

Steven Tryon wrote:
> On Thu, 2002-12-12 at 10:51, Phil R Lawrence wrote:
>
>>I saw in the docs how to set up pserver and how it can
>>manage read-write permissions.  But I won't run a server
>>without encryption.
>
> We run pserver on a machine behind a firewall and access with redirected
> ports with ssh.
>
> Someone posted on this list a cookbook ssh command to do so...
>
>   ssh address@hidden -L 2401:host.whatever.com:2401
>
> Then set your CVSROOT to point to localhost.

OK.  I can follow the cookbook above for client access from windows and 
linux, but how can I establish that same mapping for developers when 
they are already logged onto the machine with the repository?  i.e., how 
can a developer on localhost log into the pserver using SSH?

Phil

PS: Does this look right?

/etc/passwd:
lskywalk:x:600:600:Luke Skywalker:/home/lskywalk:/bin/bash
cvs-lsky:x:601:601:Luke Skywalker:/home/usr/local/cvs:/bin/false
askywalk:x:600:600:Anakin Skywalker:/home/askywalk:/bin/bash
cvs-asky:x:601:601:Anakin Skywalker:/home/usr/local/cvs:/bin/false

/etc/group:
cvs-fooproj:x:600:cvs-lsky
cvs-barproj:x:600:cvs-lsky,cvs-asky

CVSROOT/passwd:
lskywalk:nnnnnnnnnn:cvs-lsky
askywalk:nnnnnnnnnn:cvs-asky

THEN:
# chgrp -R cvs-fooproj /usr/local/cvs/fooproj
# chmod g+srwx /usr/local/cvs/fooproj
# chmod o+rx /usr/local/cvs/fooproj
# chmod o-w /usr/local/cvs/fooproj