[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Restricting users from command prompts [was: (no sub)]

From: Todd Denniston
Subject: Restricting users from command prompts [was: (no sub)]
Date: Mon, 02 Mar 2009 13:15:54 -0500
User-agent: Thunderbird (X11/20081209)

Rez P wrote, On 03/02/2009 01:03 PM:
Hi all
Is there any way to set up CVS on a Redhat Linux server so users using wincvs on windows client machines could use the pserver method (or any method) to do regular CVS transactions (ci,co,add,etc) but don't actually have user id/pw on the linux server and no entries in /etc/passwd? For security reasons we just want them to have access to the repository and not anything else on the linux server. Thanks
second paragraph:
"On the other hand, once a user has non-read-only access to the repository, she can execute programs on the server system through a variety of means. Thus, repository access implies fairly broad system access as well. It might be possible to modify CVS to prevent that, but no one has done so as of this writing."

i.e., you may be (probably are) buying yourself nothing. either you trust your users or you don't. From what I recall you can also configure SSH to only allow certain commands to be ran by certain users. I have never done it myself, but I understand it is possible, and when it comes to security I would trust the SSH code more than the CVS security code.

Good luck.
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

reply via email to

[Prev in Thread] Current Thread [Next in Thread]