[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Restricting users from command prompts [was: (no sub)]
From: |
Todd Denniston |
Subject: |
Restricting users from command prompts [was: (no sub)] |
Date: |
Mon, 02 Mar 2009 13:15:54 -0500 |
User-agent: |
Thunderbird 2.0.0.19 (X11/20081209) |
Rez P wrote, On 03/02/2009 01:03 PM:
Hi all
Is there any way to set up CVS on a Redhat Linux server so users using wincvs on windows client machines could use the pserver method (or any method) to do regular CVS transactions (ci,co,add,etc) but don't actually have user id/pw on the linux server and no entries in /etc/passwd? For security reasons we just want them to have access to the repository and not anything else on the linux server.
Thanks
http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#IDX87
http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#SEC32
second paragraph:
"On the other hand, once a user has non-read-only access to the repository,
she can execute programs on the server system through a variety of means.
Thus, repository access implies fairly broad system access as well. It might
be possible to modify CVS to prevent that, but no one has done so as of this
writing."
i.e., you may be (probably are) buying yourself nothing. either you trust
your users or you don't.
From what I recall you can also configure SSH to only allow certain commands
to be ran by certain users. I have never done it myself, but I understand it
is possible, and when it comes to security I would trust the SSH code more
than the CVS security code.
Good luck.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
- (no subject), Rez P, 2009/03/02
- RE: (no subject), Rez P, 2009/03/02
- Restricting users from command prompts [was: (no sub)],
Todd Denniston <=