info-cvs

Re: Problem with admin privileges


From: Julian Opificius
Subject: Re: Problem with admin privileges
Date: Thu, 07 Jul 2005 08:43:07 -0500
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

Todd Denniston wrote:

<CLIP>

The only reason I am using pserver is that it allows my users to have
CVS controlled access to the repositories without giving them direct
write access to them. If you can suggest another way of doing that, I'd
be glad to use it.


As Far As I Know, you are correct, but at best you are only protecting them
from a fat fingering while in the repository and do not have malicious
intent. The first rule of the repository for users should be that if you are
not the admin you never execute any non cvs command against it. The first
rule of the repository for admins is back it up appropriately, as
hardware/network/software faults can damage the work.  With these two rules,
I believe you should have at least as good a set of protection as pserver
would get you, because you don't have developers with malicious intent and
who follow the rules :}

Pretty much true: if it isn't, I've got worse problems :)

As long as the developers are using only :ext: cvs commands against the
repository, I believe you should still be able to meet your FAA
requirements:
"FAA-regulated environment, and my CVS repository must be secure, in that
nobody can impair the lifecycle data, and all accesses must be documented
and controlled, i.e. all accesses must be via the cvs server."

but would be counting on the backups to prevent you from losing any
"lifecycle data", which is what you would be back to if they were looking at
you with strictness when there is a known hole in pserver.

In final, Yes using pserver will probably make it easier to "show" up front
that everything meets the requirements, but in the past it has been the bane
of security with cvs. I believe you are in the middle ground between the
"restricted execution of CVS" Mark D. Baushke told you about, and the
trusting developers ground of :ext: on a system they can execute more than
cvs on.  I further believe that you are only mildly protected from what you
worry about, using your method.  Whereas one of the "restricted execution
of CVS" would probably allow much more of the FAA level security lock down
and logging.

If you want further reading I suggest searching the list's archive for Greg Woods AND pserver OR Greg Woods AND authentication AND|OR authorization.

I think the horse is dead, so I'll stop beating.

<SNIP>

Well I think the horse has completed the track, and I think we've won the race, inasmuch as I have "fat-finger" protection, which is all I "need": I am backing up, after all, as you suggest (and as insisted upon by our friends at the FAA, in fact), and the backup includes logs, so I'm meeting the obligation.

There is rarely a perfect solution for "special needs" situations such as this, but I think I've got the closest practical solution, and as long as my local FAA officer is happy, then so am I.

Todd, you obviously spent plenty of time thinking and writing. Thank you very much for your opinions, insight and help.

julian.



