info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS newbie - I want to make a new CVS installation secure...

From: Flossie
Subject: Re: CVS newbie - I want to make a new CVS installation secure...
Date: Wed, 19 May 2004 15:08:55 +1200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 
1) However the first real problem I have is that a CVSROOT folder
appeared locally - this must have been created automatically in the
/usr/local/cvsroot folder. This has all sorts of files with settings
for controlling various CVS behaviour.
a) I don't want CVS users to be able to change these


Use a commitinfo trigger. See
http://www.cvshome.org/docs/manual/cvs-1.12.7/cvs_18.html#SEC169
Good grief, maybe I'm missing the point here? I had a look - this feature implies that you can write some fancy script to verify that the code being committed confirms to all the rules we laid out in the config files in the CVSROOT folder. I.e do a ton or reg-ex stuff to verify that each file is ok?? That could be a huge amount of work. I simply want to 'lock away' from the user access to any config changes they may otherwise me able to make in the files in the CVSROOT folder. 


You will need to consider that CVSROOT/history and CVSROOT/val-tags
typically need to be updated by users, otherwise, sure you can make it
impossible for them to create a lock in the CVSROOT directory in which
case attempts to do a 'cvs checkout' will give them a potentially more
confusing message than you are trying to protect them from in any case.
Probably not a CVS issue, but you may have some comments - TortoiseCVS docs seem rather out-of-date; many areas refer to 'checkout', but I have not seen 'checkout' once in any of the context-sensitive menus. A lot of what they suggest (WRTO checkouts) therefore seems unacheivable. 


3) Can I stop the general users from performing things like code
branching? Stop them from removing files?


Yes. See http://www.cvshome.org/docs/manual/cvs-1.12.7/cvs_18.html#SEC176
for taginfo as well as the info on commitinfo from the link provided
in answer to #1.a.
I cannot see any hint in this section as to how I can stop users from creating branches, removing files, etc. Nor can I see how it relates to commitinfo (unless you auto-create a tag when someone commits to CVS, but that's not what I'm wanting here). 
Perhaps you could elaborate?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]