
Re: Silly question about CVS and permissions

From: Todd Denniston
Subject: Re: Silly question about CVS and permissions
Date: Mon, 18 Apr 2005 14:15:23 -0500

Michaelis, Daniel writes:
> This is a multi-part message in MIME format.
Please do not send MIME and/or HTML encrypted messages to the list.
Plain text only, PLEASE!

> there doesn't seem to be anything that prevents User1 
> from going into the ProjectDir1/bin directory and 
> removing file2 (which is owned by User2). 
1) The users should not be working directly in the repository except in very
rare cases and should be approved for doing the work there; this should be a
stated company policy.
2) If you are using ssh, ssh can be configured to limit the commands allowed
to be run by the user (except if the user figures out a hole in the programs
they are allowed to run, see the next item).
3) If the user is violating company policy, whether or not that involves
breaking another program, discipline appropriately.

> I've kludged a solution, which is to set the setuid 
> flag on the cvs executable, but I've seen a number 
> of posts that indicate that isn't a wise move, and 
This sounds like a pserver problem, and if you are worried about security,
you don't use pserver.

> 1.Is it the design of CVS that any user that needs 
> to check in/out files must have read/write 
> permission on all of the directories into which 
> he/she can check in files 
> (meaning that he/she has remove permission 
> at the O/S level within these directories)? If so, I'll 
> stop trying to solve this problem. 


>   2.Are my (CVS/Repository missing) messages related 
> to the setuid that I've done on the cvs executable? 

Unknown, which method are you using to log in?
What does `echo $CVSROOT` return or what are you passing after `cvs -d`?

>   3.If the previous is true, is that because setuid is
>  truly not supported for the cvs executable, or is it 
> something that I've misconfigured? 

>   4.If there is a way to prevent destruction of files, 
> and it is not through setuid, what is the method by 
> which I would accomplish this? 

The users should only be accessing the repository through cvs.
The company should make a written policy that the users will only access the
repository through cvs.
The users should be trained that they should only access the repository
through cvs, and that it is company policy.
The company should only (I hope this is common sense) hire and retain
employees who can understand and follow company policies regarding
destruction of company property (code base in this case).

Technology can help a little here: keep the cvs repository on a machine
which has been set up for ssh access and has ssh access limited to running
cvs, for all but administrative people.

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane) 
Harnessing the Power of Technology for the Warfighter
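
Added example, not part of the original message: one way to limit ssh access to running cvs, as the reply suggests, is an OpenSSH forced command on each developer key. The script name, install path and key line below are assumptions made for illustration.

```shell
#!/bin/sh
# cvs-only.sh: forced-command wrapper (hypothetical name and path).
# Referenced per key in ~/.ssh/authorized_keys on the repository host:
#   command="/usr/local/bin/cvs-only.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...placeholder... user1
# sshd then runs this script instead of whatever the client requested and
# passes the client's request in SSH_ORIGINAL_COMMAND.

# Classify the requested command; prints allow, deny-interactive or deny-command.
cvs_only_decide() {
    case "$1" in
        # Exactly what a :ext: client sends when CVS_SERVER is left at its default.
        "cvs server") echo allow ;;
        # Empty request: the client asked for a login shell.
        "")           echo deny-interactive ;;
        # Anything else, including "cvs server" with extra text appended.
        *)            echo deny-command ;;
    esac
}

cvs_only_main() {
    decision=$(cvs_only_decide "${SSH_ORIGINAL_COMMAND-}")
    if [ "$decision" = allow ]; then
        # Run the fixed command; never pass the client's string to a shell.
        exec cvs server
    fi
    # Replace non-printable bytes so a refused request cannot forge log lines.
    shown=$(printf '%s' "${SSH_ORIGINAL_COMMAND-}" | tr -c '[:print:]' '?')
    logger -t cvs-only "refused ($decision) user=${USER:-unknown} cmd=$shown" 2>/dev/null
    echo "This account may only be used for CVS access." >&2
    exit 1
}

# Only act when installed under its own name, so the functions can be
# sourced and checked without starting cvs.
case "$0" in
    *cvs-only.sh) cvs_only_main ;;
esac
```

Administrative keys are listed without the `command=` option and keep normal shell access. The wrapper removes shell and file-transfer access to the repository host; cvs itself still runs as the user, so the repository's directory permissions remain in force.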
