CVS newbie - I want to make a new CVS installation secure...
From: Flossie
Subject: CVS newbie - I want to make a new CVS installation secure...
Date: Mon, 17 May 2004 18:06:27 +1200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

Hi, I'm new to CVS - at least from a setup perspective (I've only been a
bystander before now). I have some things that I want to configure to be
more secure than they currently are - first, here's what I've done so far:

I have a new Mandrake Linux 10.0 installation, CVS installed following
the conventional recommendations. In particular:

CVSROOT=/usr/local/cvsroot

I've set up several users, made them members of a cvs group, etc etc.

My client is TortoiseCVS running on Windows XP. The first thing I did
was create locally c:\Projects, which is the local root point which will
correspond to CVSROOT. Within that, I created (as a test) a folder
called 'current'.

Then I did my first test - do a cvs checkout, pointing at the cvs root
(/usr/local/cvsroot) - of course I didn't expect anything to happen
since no files are yet in the repository. First scare came when my local
'current' directory disappeared - turns out TortoiseCVS is set to 'Prune
empty folders' - probably the worst preset ever for newbie users! ;-)

1) However the first real problem I have is that a CVSROOT folder
appeared locally - this must have been created automatically in the
/usr/local/cvsroot folder. This has all sorts of files with settings for
controlling various CVS behaviour.

a) I don't want CVS users to be able to change these
b) Neither do I want them to see all this and wonder what it's all about.

How do I stop the CVSROOT folder from being checked out when a user
wants to get the whole cvs tree? (How do I hide it?) Or can I safely
change the permissions in some way so their CVS checkout doesn't have
access?

2) I'm surprised how much CVS docs emphasise the fact that multiple users
can check out the same file and CVS can resolve conflicts as checkins
occur. However there are problems with letting users resolve conflicts
(they can get it wrong), and I doubt a system can be 100% foolproof at
deciding that an auto-merge is safe (in which case CVS can get it
wrong), although the chances of error are very small.

There are other reasons, but basically, can I disable multiple checkouts?

3) Can I stop the general users from performing things like code
branching? Stop them from removing files?

Are there any other tips on tightening up CVS security? Not security in
the sense of SSH, etc, but once a user is 'in', limiting what they can do?

Thanks in advance...