info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is a multiple pserver possible?


From: Greg A. Woods
Subject: Re: Is a multiple pserver possible?
Date: Tue, 6 Jan 2004 21:28:11 -0500 (EST)

[ On Tuesday, January 6, 2004 at 15:08:55 (-0800), Anne Henmi wrote: ]
> Subject: Re: Is a multiple pserver possible?
>
> Here's the kicker.. he wants to have an "anonymous" user for each
> project (with the username "proj1", "proj2", etc) for accessing each
> separate repository.

Well it is possible to provide anonymous SSH access, even in such a way
that "cvs server" is the only command the remote user is allowed to
execute, though the exact details on how to configure this are specific
to the SSH server implementation you use (and I don't have them handy at
my fingertips for either well known implementation :-).  Being that
"anonymous" is not synonymous with "secure" most of the SSH folks don't
work very hard to make it obvious how to do, though if I remember
correctly anonymous CVS access to the OpenSSH source is itself available
thorough an anonymous SSH account (as is OpenBSD).

Note that if by "anonymous access" you really do mean "anonymous public
access" then that should always be provided through a dedicated machine
which hosts a frequently updated replica of the real repository, not the
machine where real users do their commits.  That's the only really safe
way to set up a truly read-only anonymous service.  :-)

> Ok, so how do you setup all sorts of anonymous accounts on a per project
> basis using SSH?

Well presumably you'd only have one anonymous account -- anonymous is
anonymous, so it doesn't matter which repository "they" access since you
don't know who "they" are in the first place.  :-)

You could have multiple "anonymous" accounts though if you really wanted
-- they just need different usernames.

Normally remote anonymous users would do the same as "real" users in
order to set the path to the appropriate repository.  (regardless which
"anonymous" account they use, as I don't think there's any secure way to
ensure a given SSH account can only use a specific repository, unless
maybe your SSH server can put itself into a per-user chroot/jail, though
that's definitely going to complicate things unnecessarily)

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>




reply via email to

[Prev in Thread] Current Thread [Next in Thread]