[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS server patch?
From: |
Derek Robert Price |
Subject: |
Re: CVS server patch? |
Date: |
Fri, 07 Mar 2003 15:59:20 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02 |
joel.peshkin@mindspeed.com wrote:
On our site, we have been using group permissions to make direct
repository access (bypassing pserver) impossible as well as keeping
users out of CVSROOT.
-Joel
"Derek Robert Price" <derek@ximbiot.com>
03/07/2003 09:42 AM
To: joel.peshkin@mindspeed.com, bug-cvs@gnu.org
cc:
Subject: Re: CVS server patch?
joel.peshkin@mindspeed.com wrote:
> Derek,
>
> I created a patch against ccvs 1.11.5 to permit a cvs password
> file to use system auth for real local users but still setuid for
> repository access. This means that I can have passwd entries like...
> foo:+:cvsuser
> and user "foo" will still authenticate with the local system but run
> as cvsuser after authenitcation.
>
> Would this be of use to anyone but me?
Why not just let the executable run as the user in system auth mode? If
someone has the user's password, couldn't they get a shell account
anyhow?
Okay, I don't see why not. I still have a few questions, though:
Is "+" really consistently a cross platform retricted character in crypt
output? What about the longer encryption strings some platforms use now
that always start with $1$? Please include documentation links.
With your patch, what happens in the:
username:+
case (no third field)?
Anyone else have a differing opinion? Keep in mind SystemAuth could
still be turned off and maybe always required via the CVSROOT/config file.
Derek
--
*8^)
Email: derek@ximbiot.com
Get CVS support at <http://ximbiot.com>!
--
I will not conduct my own fire drills.
I will not conduct my own fire drills.
I will not conduct my own fire drills...
- Bart Simpson on chalkboard, _The Simpsons_