[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is a multiple pserver possible?

From: Kaz Kylheku
Subject: Re: Is a multiple pserver possible?
Date: Tue, 6 Jan 2004 18:56:11 -0800 (PST)

On Tue, 6 Jan 2004, Greg A. Woods wrote:

> Date: Tue, 6 Jan 2004 21:28:11 -0500 (EST)
> From: Greg A. Woods <address@hidden>
> Reply-To: CVS-II Discussion Mailing List <address@hidden>
> To: Anne Henmi <address@hidden>
> Cc: CVS-II Discussion Mailing List <address@hidden>
> Subject: Re: Is a multiple pserver possible?
> [ On Tuesday, January 6, 2004 at 15:08:55 (-0800), Anne Henmi wrote: ]
> > Subject: Re: Is a multiple pserver possible?
> >
> > Here's the kicker.. he wants to have an "anonymous" user for each
> > project (with the username "proj1", "proj2", etc) for accessing each
> > separate repository.
> Well it is possible to provide anonymous SSH access, even in such a way
> that "cvs server" is the only command the remote user is allowed to
> execute, though the exact details on how to configure this are specific
> to the SSH server implementation you use (and I don't have them handy at
> my fingertips for either well known implementation :-).

One powerful way to do it is to make the user's login shell a command
validating and filtering shell script. I posted something like that to
Usenet in August 2000. Message-ID: address@hidden

This script indeed only allows ``cvs server'', but it goes one step
beyond that and adds a ``-d <repository>'' parameter before ``server''.
This way the remote user cannot freely specify the repository by
smuggling over a CVSROOT environment variable. You can tie specific
users to specific repositories with a bit more coding. If the user is
``proj1'', you have ``-d /path/to/proj1-cvs'' and so on.

I used this script, or a very similar one, in a real situation. I
wanted to allow only CVS access, file copying (via scp) to and from the
user's home directory only (so the remote users could exchange files
with our team) and listing of the home directory.

Meta-CVS: directory structure versioning; versioned symbolic links;
versioned execute permission; versioned property lists; easy branching
and merging and third party code tracking; all implemented over the
standard CVS command line client --

reply via email to

[Prev in Thread] Current Thread [Next in Thread]