info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: File ownership

From: Gagneet Singh
Subject: RE: File ownership
Date: Tue, 4 Nov 2003 09:27:19 +0530 
Hi!

The repository files are marked according to the user who logins into
the CVS server for making commits. But before that the user has to
checkout the files in his/her name and then only can he check them in.
The other way for a user to do this is to use a script to change all his
local settings and then commit them in another users name.

But, first of all what type of authentication are you using. Is it the
'pserevr' type?? If so then are you using the system passwd file or the
CVS passwd file? In both the cases, is the user allowed to change his
passwords or do all the users have separate passwords??  

As any user having the password of another user can make commits on the
users name. But, this is done intentionally only and not accidently. It
can happen accidently only when the user is logged on to the repository
on hois system and forgets to logoff before leaving and leaves his
system also on to be accessed by others.

A definite way to check on this is to take note of the time the problem
occurred, from the CVS file commit time and then confront the user on
his whereabouts at that time. Currently there is nothing else that youy
can do... 

Or till the time someone gives a better suggestion...  ;-))

You can put this up in the cvsgui mailing list also at
address@hidden

Gagneet

|-----Original Message-----
|From: address@hidden 
|[mailto:address@hidden On Behalf 
|Of Mark Jaffe
|Sent: Tuesday, 04 November, 2003 6:49 AM
|To: CVS Mailing List
|Subject: File ownership
|
|
|While browsing one of our repositories, I came across a part 
|of the tree that did not belong where it was. It appeared as 
|if one of the developers had done an import into the tree from 
|her work area (the top of the checkin was CVS_WORK which was a 
|locally-defined convention.) I noticed the file ownership and 
|contacted the developer, who denied even needing to work in 
|this part of the tree. 
|
|How would it be possible for the files to be marked as owned 
|by that user if she did not check them in? Is it possible we 
|cannot trust the CVS server to write the files properly? It 
|would not be prudent for another developer to use someone 
|else's login account, but would that be possible?
|
|CVS server is 1.11.9  on Solaris and users are all using 
|WinCVS 1.13.10 pserver authentication.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]