info-cvs

Re: CVS newbie - I want to make a new CVS installation secure...


From: Mark D. Baushke
Subject: Re: CVS newbie - I want to make a new CVS installation secure...
Date: Sun, 16 May 2004 23:56:26 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Flossie <address@hidden> writes:

> Hi, I'm new to CVS - at least from a setup perspective (I've only been
> a bystander before now). I have some things that I want to configure
> to be more secure than they currently are - first, here's what I've
> done so far:
> I have a new Mandrake Linux 10.0 installation, CVS installed following
> the conventional recommendations. In particular:
>      CVSROOT=/usr/local/cvsroot
> I've set up several users, made them members of a cvs group, etc etc.
> 
> My client is TortoiseCVS running on windows XP. The first thing I did
> was create locally c:\Projects, which is the local root point which
> will correspond to CVSROOT. Within that, I created (as a test) a
> folder called 'current'.
> Then I did my first test - do a cvs checkout, pointing at the cvs root
> (/usr/local/cvsroot) - of course I didn't expect anything to happen
> since no files are yet in the repository. First scare came when my
> local 'current' directory disappeared - turns out TortoiseCVS is set
> to 'Prune empty folders' - probably the worst preset ever for newbie
> users! ;-)
> 
> 1) However the first real problem I have is that a CVSROOT folder
> appeared locally - this must have been created automatically in the
> /usr/local/cvsroot folder. This has all sorts of files with settings
> for controlling various CVS behaviour.

Yes.

> a) I don't want CVS users to be able to change these

Use a commitinfo trigger. See
http://www.cvshome.org/docs/manual/cvs-1.12.7/cvs_18.html#SEC169

> b) Neither do I want them to see all this and wonder what it's all about.

Why?

> How do I stop the CVSROOT folder from being checked out when a user
> wants to get the whole cvs tree? (How do I hide it?) Or can I safely
> change the permissions in some way so their CVS checkout doesn't have
> access?

You will need to consider that CVSROOT/history and CVSROOT/val-tags
typically need to be updated by users, otherwise, sure you can make it
impossible for them to create a lock in the CVSROOT directory in which
case attempts to do a 'cvs checkout' will give them a potentially more
confusing message than you are trying to protect them from in any case.

> 2) I'm surprised how much CVS docs emphasise the fact that multiple
> users can check out the same file and CVS can resolve conflicts as
> checkins occur. However there are problems with letting users resolve
> conflicts (they can get it wrong), and I doubt a system can be 100%
> foolproof at deciding that an auto-merge is safe (in which case CVS
> can get it wrong), although the chances of error are very small.
> There are other reasons, but basically, can I disable multiple checkouts?

No.

> 3) Can I stop the general users from performing things like code
> branching? Stop them from removing files?

Yes. See http://www.cvshome.org/docs/manual/cvs-1.12.7/cvs_18.html#SEC176
for taginfo as well as the info on commitinfo from the link provided
in answer to #1.a.

> Are there any other tips on tightening up CVS security? Not security
> in the sense of SSH, etc, but once a user is 'in', limiting what they
> can do?

Possibly, but as near as I can tell from your questions, you probably
do not want to use cvs for your source control system.

        Good luck,
        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFAqGIa3x41pRYZE/gRAu8HAJ9gUYF5+tcC2yad2c7CwBAnD2WKeACfYQNc
BBqB5Dx9Jkd9awsku9TN46U=
=eUUf
-----END PGP SIGNATURE-----
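
The kind of commitinfo trigger suggested in the reply to 1a, as an added example that is not part of the original message or of CVS itself. It assumes users reach the repository over SSH or locally, so the hook runs under the committer's own account; the script path, the `CVS_ADMINS` variable and the account names are hypothetical, and the commitinfo line in the comment assumes the `%p` format string of the 1.12 series (older servers append the full repository path instead, which the script also accepts).

```shell
#!/bin/sh
# Added example: refuse commits under CVSROOT unless the committer is an administrator.
# Hypothetical commitinfo entry (regex is matched against the directory relative to the root):
#   ^CVSROOT   /usr/local/libexec/cvs-guard %p
# A non-zero exit status from a commitinfo program aborts the commit.

# Space-separated administrator accounts (constructed sample value).
CVS_ADMINS="${CVS_ADMINS:-cvsadmin}"

# is_admin_dir DIR: succeed if DIR is the administrative directory or lies below it.
# Accepts both a root-relative name (CVSROOT) and a full path (/usr/local/cvsroot/CVSROOT).
is_admin_dir() {
    case "$1" in
        CVSROOT|CVSROOT/*|*/CVSROOT|*/CVSROOT/*) return 0 ;;
        *) return 1 ;;
    esac
}

# is_admin_user USER LIST: succeed if USER appears in the space-separated LIST.
is_admin_user() {
    for admin in $2; do
        [ "$admin" = "$1" ] && return 0
    done
    return 1
}

# check_commit USER DIR: return 0 to allow the commit, 1 to reject it.
check_commit() {
    if is_admin_dir "$2" && ! is_admin_user "$1" "$CVS_ADMINS"; then
        echo "commit to $2 denied for $1: CVSROOT is restricted to administrators" >&2
        return 1
    fi
    return 0
}

# When invoked by CVS with the directory as first argument, act as the hook.
if [ "$#" -gt 0 ]; then
    check_commit "$(id -un)" "$1"
    exit $?
fi
```

Because CVS writes CVSROOT/history and CVSROOT/val-tags directly rather than through a commit, this hook does not interfere with the updates to those files mentioned in the reply.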



