[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problem with admin privileges
|
From: |
Todd Denniston |
|
Subject: |
Re: Problem with admin privileges |
|
Date: |
Tue, 05 Jul 2005 14:00:15 -0500 |
Julian Opificius wrote:
>
<SNIP>
> Thanks for this input!
>
> The problem is that each of these articles achieve their intended
> results by restricting commands to "cvs". I don't want to do that: my
> CVS users are my engineering department members with legitimate logins.
> It's only access to the CVS repositories that I have to control. PServer
> through ssh does exactly what I want in that regard.
>
Big question: What do you think using :pserver: at this point, gain you and
your users over just :ext: over ssh?
Because they already have (and will continue to have) valid system shell
login, from here it only looks like more admin trouble to setup and maintain
pserver, plus it probably reduces the authentication or authorization you
had from the ssh and system level, especially when a new pserver hole comes
out.
> I have solved most of my admin problem by running admin users as their
> themselves using $CVSROOT/CVSROOT/passwd entries like this:
> "username:password"
> rather than as the global cvs user:
> "username:password:cvs"
<SNIP>
Why use the $CVSROOT/CVSROOT/passwd at all, just use the system
authentication fallback, it SHOULD make your life easier because only the
system level auth files need scrubbed when someone leaves not the system
level AND all the cvs repos.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter