info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to programmatically restrict a /bin/rm command in a repository?


From: Rob Helmer
Subject: Re: How to programmatically restrict a /bin/rm command in a repository?
Date: Wed, 3 Sep 2003 13:00:37 -0700
User-agent: Mutt/1.3.28i

Yeesh. Have you explained why this is wrong, that they are losing
history when they do this, and the potential for irreversable accidents? 
It's better to rule by consensus than by fiat.. not to say you can't
persuade them to agree with you AND refuse to allow them full access.

Is it acceptable to remove their regular login shell? They are 
obviously abusing their access, and if so it makes this restriction
pretty easy.

The only command they need to be able to run to access the CVS
server via SSH is "cvs server". You could make a pretty trivial
shell script that's used as a login shell, which only allows
that command to be executed.



HTH,
Rob


On Tue, Sep 02, 2003 at 05:24:53PM -0400, Christopher Rumpf wrote:
> Hi there.
> 
>  
> 
> I have some developers who simply refuse to use the 'cvs rm', 'cvs delete'
> and 'cvs remove' commands.  Instead they log into the CVS server (using
> SSH), cd into the repository and /bin/rm the ,v files which they are
> concerned about.  (yikes!)
> 
>  
> 
> Removing their cvs write permissions is not a solution which will work as
> most of these people are major contributors.
> 
>  
> 
> Has anyone encountered this before and how did you solve it?  The only way I
> can think (right now) is to write  a script that will run for every single
> /bin/rm command which will first make sure that the repository path is not
> in the path to be deleted.  This seems very inefficient.
> 
>  
> 
> Is there an easier way using UNIX groups and/or some other Unix admin
> command or trick I don't know of?
> 
>  
> 
> Thanks!
> 
>  
> 
> /* ---
> 
>      Christopher Rumpf
> 
>      786.385.3892:MOBILE
> 
>      305.860.4461:FAX
> 
>      MrRumpf:YIM
> 
> --- */
> 
>  
> 

> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs





reply via email to

[Prev in Thread] Current Thread [Next in Thread]