Re: Restricting use of 'cvs rtag' & 'cvs tag' commands [2nd try]

From: Frederic Brehm
Subject: Re: Restricting use of 'cvs rtag' & 'cvs tag' commands [2nd try]
Date: Wed, 23 Feb 2005 15:32:31 -0500

Install cvs in a different place than the version you are using.

Make a script named cvs in the current location of cvs. That script should 
check the cvs commands vs. valid users. If everything is OK, then it should 
invoke the new cvs in the new place with the arguments passed to it.

This won't protect you from truly malicious developers who invoke cvs directly 
from the new location, but you probably have already fired those people from 
your project. :-)


David Leskovac wrote:
[I sent this msg 10 days ago & no one responded. So, I'm trying again.]


We are currently using an ancient version of CVS (1.11.1p1) on a rather old Linux server 
(Red Hat 6). I intend to upgrade to CVS 1.11.19 & eventually upgrade the Linux OS. In 
the course of our CVS upgrade discussion we started discussing how to increase security 
with regards to CVS access. I am aware of the cvsacls script that provides fairly 
fine-grained permissions to do check-ins but is there also a way of restricting who is 
allowed to do certain cvs commands? In particular, we would like to restrict who can 
create/delete tags & branch tags. Is it possible to restrict 'cvs tag' & 'cvs rtag' 
on a user or group level?


Frederic W. Brehm, Sarnoff Corporation,
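
The wrapper described in the reply above, written as a POSIX shell script (an added example, not code from the thread). The path in `REAL_CVS`, the user names in `TAGGERS`, and the list of global options that take a value are assumptions; the script skips CVS global options, including clustered ones such as `-Qd /repo`, to find the command word, and treats the `tag`/`rtag` synonyms as restricted too.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and user names are assumptions.
REAL_CVS=${REAL_CVS:-/opt/cvs-real/bin/cvs}   # assumed location of the relocated binary
TAGGERS=${TAGGERS:-"relmgr buildmaster"}      # constructed list of users allowed to tag

# Print the command word: the first argument after the CVS global options.
cvs_subcommand() {
    while [ $# -gt 0 ]; do
        case $1 in
            --) shift; break ;;
            --*) shift ;;                      # long options carry values as --opt=value
            -?*)                               # one or more clustered short options
                opts=${1#-}; shift
                while [ -n "$opts" ]; do
                    rest=${opts#?}; o=${opts%"$rest"}
                    case $o in                 # options assumed to take a value (CVS 1.11)
                        [bdeTsz])
                            if [ -z "$rest" ] && [ $# -gt 0 ]; then shift; fi
                            break ;;
                    esac
                    opts=$rest
                done ;;
            *) break ;;
        esac
    done
    if [ $# -gt 0 ]; then printf '%s\n' "$1"; fi
}

is_restricted() {
    case $1 in
        tag|ta|freeze|rtag|rt|rfreeze) return 0 ;;   # tag, rtag and their synonyms
    esac
    return 1
}

# may_run USER ARGS...: succeed unless USER requests a restricted command without rights.
may_run() {
    user=$1; shift
    cmd=$(cvs_subcommand "$@")
    is_restricted "$cmd" || return 0
    case " $TAGGERS " in *" $user "*) return 0 ;; esac
    return 1
}

# Act as the wrapper only when installed under the name "cvs".
if [ "${0##*/}" = cvs ]; then
    may_run "$(id -un)" "$@" || { echo "cvs: tagging is restricted" >&2; exit 1; }
    exec "$REAL_CVS" "$@"
fi
```

This only covers cvs run on the host where the wrapper is installed. For repositories reached through `:ext:` or pserver, the server-side binary is started as `cvs server` or `cvs pserver`, so a wrapper there never sees the `tag` or `rtag` command word.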

