[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to programmatically restrict a /bin/rm command in a repository?

From: Eric Siegerman
Subject: Re: How to programmatically restrict a /bin/rm command in a repository?
Date: Wed, 3 Sep 2003 17:01:45 -0400
User-agent: Mutt/1.2.5i

On Tue, Sep 02, 2003 at 05:24:53PM -0400, Christopher Rumpf wrote:
> I have some developers who simply refuse to use the 'cvs rm', 'cvs delete'
> and 'cvs remove' commands.  Instead they log into the CVS server (using
> SSH), cd into the repository and /bin/rm the ,v files which they are
> concerned about.  (yikes!)

Configure SSH to prevent them from getting interactive sessions.
Restrict these bozos to exactly one command: "cvs server".

> The only way I
> can think (right now) is to write  a script that will run for every single
> /bin/rm command which will first make sure that the repository path is not
> in the path to be deleted.  This seems very inefficient.

And hopelessly insecure.  What's to prevent them from going
behind your script's back to the real rm command -- or writing
their own delete-file command?


|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
When I came back around from the dark side, there in front of me would
be the landing area where the crew was, and the Earth, all in the view
of my window. I couldn't help but think that there in front of me was
all of humanity, except me.
        - Michael Collins, Apollo 11 Command Module Pilot

reply via email to

[Prev in Thread] Current Thread [Next in Thread]