info-cvs

Re: cvs over ssh with multiple users


From: Izo
Subject: Re: cvs over ssh with multiple users
Date: Mon, 28 Jun 2004 09:54:28 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1



Chris_V wrote:
Hello list,

this is my problem:

I have a user account on a Linux machine and we can use CVS on it using the ssh protocol for security reasons (ext). This works fine for me and I can log in using my account username and account password. Now, how can I give access to this CVS repository to other people with other usernames and passwords (so I need not give them my account password)? On the WWW I can't find the answers I'm looking for. Does anyone have a solution to this problem? BTW: pserver isn't supported by the server.

Kind regards

Chris


I am writing all this because you did not specify whether you have not started the :pserver: service on the host system or the service is simply firewalled out. If the latter, the described way works perfectly.

I am tunneling the pserver port through ssh, with every user having their own account on the frontend/firewalled machine:

Administration steps (assuming you have superuser rights):

1. create /CVS-rootdir/CVSROOT/passwd with the following structure:
cvsuser1:hashed_password1:fake_user
cvsuser2:hashed_password2:fake_user

2. chown -R the CVS-rootdir as fake_user


CVS user steps:

3. ssh -L2401:CVS-server:2401 address@hidden (tunneling the cvspserver port through ssh, using the host machine user account, different for each user, SSH session should persist during CVS session)

4. CVSROOT=:pserver:address@hidden:/CVS-rootdir (use localhost since cvspserver is felt as being run on the client's workstation when tunneled through the ssh)

5. cvs login (using separate user/pwd administered in the CVSROOT/passwd file)

Now, the base system file attributes have the fake_user permissions and thus you gain various possibilities to create the CVS internal groups by using one or more fake_user-s as group selectors, independently of the base system user/group settings.

Using the :ext: protocol I could have never achieved such functionality vs. security, since CVS tends to create 444/755 (file/dir) attributes onto the repository by default. It is also true that I have not thoroughly studied the contents and function of the CVSROOT administrative files, so it could still be possible to make it with :ext:. I may also be interested in the way to do it that way.

To generate hashed_passwords you simply copy the codes from the /etc/shadow file (assuming you have superuser rights on the CVS hosting system) or use the script you find following the links below to have CVS passwords different from the host system ones to raise the security level (I am even using different user sets - everybody has two different user/pwd sets, one for base system auth. and another to access the CVS repositories).

https://ccvs.cvshome.org/fom/cache/168.html
http://www.ics.mq.edu.au/cts/notes/using_cvs/crypttext.html


I hope it helps!

Izo
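
Added example, not part of the original post: a small audit for the CVSROOT/passwd file from step 1, flagging entries that weaken the setup (an empty password field, which CVS accepts with any password; a value that is not crypt() output; a missing run-as user, in which case CVS runs as the system user of the same name). The function names, the sample users, the made-up hash strings and the rule that run-as root is a finding are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a CVSROOT/passwd file laid out as in step 1:
#   cvsuser:hashed_password:run_as_user
# Prints one finding per problem; returns 0 if the file is clean, 1 otherwise.
lint_cvs_passwd() {
    awk -F: '
    function report(msg) { printf "line %d (%s): %s\n", NR, $1, msg; bad = 1 }
    /^[ \t]*$/ { next }                      # ignore blank lines
    {
        if (seen[$1]++)
            report("duplicate CVS user name")
        if (NF < 2 || $2 == "")
            report("empty or missing password, CVS accepts any password")
        else if (substr($2, 1, 1) != "$" &&
                 !(length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$"))
            report("password field does not look like crypt() output")
        if (NF < 3 || $3 == "")
            report("no run-as user, CVS runs as the system user of the same name")
        else if ($3 == "root")
            report("run-as user is root")    # policy of this example
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample; the hash strings are made-up placeholders, not real hashes.
write_sample() {
    cat > "$1" <<'EOF'
cvsuser1:ab9XqL0sT2uVw:fake_user
cvsuser2:$1$constructed$0123456789abcdefghijkl:fake_user
anon::fake_user
carol:hunter2:fake_user
dave:cd3YrM1tU4vXy
erin:ef5ZsN2uV6wYz:root
cvsuser1:gh7AtO3vW8xZa:fake_user
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_cvs_passwd "$sample" || echo "CVSROOT/passwd needs attention"
rm -f "$sample"
```

Run it against the real file as lint_cvs_passwd /CVS-rootdir/CVSROOT/passwd after every edit; it reads the file only and changes nothing.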


