info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Block outside connection for an user


From: Arthur Barrett
Subject: RE: Block outside connection for an user
Date: Tue, 16 Jan 2007 08:19:38 +1100

bumpert,

Interesting problem.

In the "contrib" directory of CVS you will find a "cvs_acls" script for 
restricting user access based on file/directory.  CVSNT (free/GPL, Linux, Mac, 
Windows etc) has a "cvs chacl" command that achieves the same result.

I'd normally recommend any IP address rules to be implemented in the firewall - 
but unless your firewall understands the CVS protocol that's going to be 
difficult in this case.

If this was to be looked at in terms of a "feature change" the only way I could 
think of (easily) approaching it would be to automatically assign certain IP 
addresses to different groups.  eg: 192.168.2.* is assigned to the group 
"localuser" and all others to "remoteuser", then you can set up ACL's based on 
the user.  But that will apply as a blanket to all users.  Provided that the 
ACLs use some sort of precedence it could be fine tuned a little more...

I think this is not usually a problem for people because they simply use a VPN 
to secure the access from outside the organisation.

If you have "training" material - why not stick that in a separate repository - 
then the "training" repository can have quite public access and other 
repositories less so?

Regards,


Arthur



-----Original Message-----
From:   address@hidden on behalf of bumpert
Sent:   Tue 1/9/2007 11:56 PM
To:     address@hidden
Cc:     
Subject:        Block outside connection for an user


Hi,
    we are using CVS version 1.12.12 and we need to block some repository or
module to somes users from outside the office. We accept here many trainees
in programming and we have some code that we don't want these to have access
outside the office and we have some others projects or traning/example
program that we don't really care to let the user access them from outside
the office. But we need to do this only for somes users, not all.

So, for example, i would like to let the user X have access to all
repository or module when his ip is 192.168.2.* (or when is in the office),
but i can't close the CVS to have connection from the internet cause i need
the user Y to have access to all repository and modules all the times (from
inside and outside the office). To finish, i need to let the user Z have
acces to all the repository and modules from inside the office, but block
the repository A when is accessing the CVS from outside.

The only way i found to block the acces to a repository for a user is to
make the repository to a group that the user isn't member of, but it's not
helping my problem of outside/inside access... 

If that could help, we're using the extshh connection. Is anybody could help
me?

Sorry for my poor english and thx
bumpert
-- 
View this message in context: 
http://www.nabble.com/Block-outside-connection-for-an-user-tf2945729.html#a8237161
Sent from the Gnu - Cvs - Info mailing list archive at Nabble.com.



_______________________________________________
info-cvs mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/info-cvs







reply via email to

[Prev in Thread] Current Thread [Next in Thread]