Re: CVS server patch?

[Derek Robert Price]

joel.peshkin@mindspeed.com wrote:

> On our site, we have been using group permissions to make direct 
> repository access (bypassing pserver) impossible as well as keeping 
> users out of CVSROOT.  
>
> -Joel
>
>
>
> "Derek Robert Price" <derek@ximbiot.com>
>
> 03/07/2003 09:42 AM
>
>        
>         To:        joel.peshkin@mindspeed.com, bug-cvs@gnu.org
>         cc:        
>         Subject:        Re: CVS server patch?
>
>
>
> joel.peshkin@mindspeed.com wrote:
>
> > Derek,
> >
> >     I created a patch against ccvs 1.11.5 to permit a cvs password
> > file to use system auth for real local users but still setuid for
> > repository access.  This means that I can have passwd entries like...
> > foo:+:cvsuser
> > and user "foo" will still authenticate with the local system but run
> > as cvsuser after authenitcation.
> >
> >   Would this be of use to anyone but me?
>
>
> Why not just let the executable run as the user in system auth mode?  If
> someone has the user's password, couldn't they get a shell account 
> anyhow? 


Okay, I don't see why not.  I still have a few questions, though:

Is "+" really consistently a cross platform retricted character in crypt 
output?  What about the longer encryption strings some platforms use now 
that always start with $1$?  Please include documentation links.

With your patch, what happens in the:

   username:+

case (no third field)?

Anyone else have a differing opinion?  Keep in mind SystemAuth could 
still be turned off and maybe always required via the CVSROOT/config file.

Derek

--
               *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
--
I will not conduct my own fire drills.
I will not conduct my own fire drills.
I will not conduct my own fire drills...

         - Bart Simpson on chalkboard, _The Simpsons_