[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security options :-(
From: |
Todd Denniston |
Subject: |
Re: Security options :-( |
Date: |
Tue, 17 Dec 2002 10:28:50 -0500 |
Phil R Lawrence wrote:
>
> Satya Prasad DV wrote:
> >
> > At 02:32 PM12/17/2002, Mike Ayers wrote:
> >
> >> Here's a bit of a challenge for the list. We need to set up
> >> a CVS repository on a Linux server such that the users can't
> >> modify the files, except through proper CVS operations. The
> >> catch? They are currently permitted to log into the server.
> >
> > The cvs user id and group id need to be different from all
> > other login users. And set permissions for repository such
> > that the cvs user and group only are given write
> > permissions. This should suffice
>
> And then what? Use pserver to map the existing user ids to the cvs id?
>
> I have been trying to figure out a secure way to set this thing up, but
> each way seems to have big drawbacks.
>
> Method 1
> description:
> - users SSH into existing accounts.
> - repository has group permissions that allow users to
> check in and out, etc.
>
> drawback:
> - users can modify the history files, because they are
> located in the same dir as source files. Audit function
> is thus compromised.
If I have understood Greg correctly this drawback can be nullified, by telling
SSH to only let you execute one command 'cvs'. man sshd, search for
'command='.
And combine that with filesystem permissions (and ACLs?) on each of the
modules/directories/CVSROOTs to get finer granularity of your access control.
--
I'd crawl over an acre of 'Visual This++' and 'Integrated Development
That' to get to gcc, Emacs, and gdb. Thank you.
-- Vance Petree, Virginia Power
- Security setup, Mike Ayers, 2002/12/17
- Re: Security setup, Larry Jones, 2002/12/17
- Re: Security setup, Phil R Lawrence, 2002/12/17
- Re: Security setup, Larry Jones, 2002/12/17
- Re: Security setup, Phil R Lawrence, 2002/12/17
- Re: Security setup, Larry Jones, 2002/12/17
- Re: Security setup, Mike Ayers, 2002/12/18
- Re: Security setup, Larry Jones, 2002/12/18