
CVS newbie - I want to make a new CVS installation secure...

From: Flossie
Subject: CVS newbie - I want to make a new CVS installation secure...
Date: Mon, 17 May 2004 18:06:27 +1200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

Hi, I'm new to CVS - at least from a setup perspective (I've only been a bystander before now). I have some things that I want to configure to be more secure than they currently are - first, here's what I've done so far:

I have a new Mandrake Linux 10.0 installation, CVS installed following the conventional recommendations. In particular: I've set up several users, made them members of a cvs group, etc.

My client is TortoiseCVS running on Windows XP. The first thing I did was create locally c:\Projects, which is the local root point which will correspond to CVSROOT. Within that, I created (as a test) a folder called 'current'. Then I did my first test - do a cvs checkout, pointing at the cvs root (/usr/local/cvsroot) - of course I didn't expect anything to happen since no files are yet in the repository. First scare came when my local 'current' directory disappeared - turns out TortoiseCVS is set to 'Prune empty folders' - probably the worst preset ever for newbie users! ;-)

1) However the first real problem I have is that a CVSROOT folder appeared locally - this must have been created automatically in the /usr/local/cvsroot folder. This has all sorts of files with settings for controlling various CVS behaviour.
a) I don't want CVS users to be able to change these
b) Neither do I want them to see all this and wonder what it's all about.
How do I stop the CVSROOT folder from being checked out when a user wants to get the whole cvs tree? (How do I hide it?) Or can I safely change the permissions in some way so their CVS checkout doesn't have access?

2) I'm surprised how much CVS docs emphasise the fact that multiple users can check out the same file and CVS can resolve conflicts as checkins occur. However there are problems with letting users resolve conflicts (they can get it wrong), and I doubt a system can be 100% foolproof at deciding that an auto-merge is safe (in which case CVS can get it wrong), although the chances of error are very small.
There are other reasons, but basically, can I disable multiple checkouts?

3) Can I stop the general users from performing things like code branching? Stop them from removing files?

Are there any other tips on tightening up CVS security? Not security in the sense of SSH, etc, but once a user is 'in', limiting what they can do?

Thanks in advance...
