|
From: | Julian Opificius |
Subject: | Re: Problem with admin privileges |
Date: | Mon, 27 Jun 2005 13:47:32 -0500 |
User-agent: | Mozilla Thunderbird 1.0.2 (Windows/20050317) |
Larry Jones wrote:
Julian Opificius writes:I'm not quite sure what you mean by "mapping" users.Using the third field of the CVSROOT/passwd file to have the server run as some user other than the actual user.
Yep, that's what I am/was doing.
I have one more issue that affects my choice that I should have mentioned earlier. We are working in an FAA-regulated environment, and my CVS respository must be secure, in that nobody can impair the lifecycle data, and all accesses must be documented and controlled, i.e.e all accesses must be via the cvs server. This is why I chose pserver in the first place.I want each user to have his own login to the system, and I want to control access to CVS repositories on a per-user basis, which is why I use pserver.There's no need to use pserver for that. In fact, pserver is a giant security hole that is best avoided. Since you're giving your users ssh access to the server anyway, the best thing for you to do is to use :ext: mode with ssh rather than rsh (which should be the default if you're running CVS 1.12). Each user logs in as themselves and you canthen use ordinary file permissions to control who has access to what. See the manual for details:<https://www.cvshome.org/docs/manual/cvs-1.11.20/cvs_2.html#SEC13> -Larry Jones
How can I maintain this level of integrity without pserver: keeping the repository itself inaccessible, while allowing write access through cvs?
j.
[Prev in Thread] | Current Thread | [Next in Thread] |