RE: New update to the CVS ACL patch to support user groups

[Noel L Yap]

>> Without root access (or as limited root assistance as possible), can you
>> explain the set up CVS client/server using SSH that has/addresses the
>> following:
>>     - prevents all users from any type of write acces to the CVS repostory
file
>> structure (they may or may not have there sand boxes on the server machine)
>
>Do you mean to set up anonyous read-only access?  Or do you mean to
>prevent users from gaining shell-level access to the repository
>directories?  (If the latter then you don't have that now, so what are
>you asking for it for?)

At one point, I was playing around with using file system ACL's to control
execute permissions on a setgid CVS.

Before I go on, I must say that I CANNOT VOUCH FOR THE SECURITY OF THIS SETUP.

This (along with file system ACL's in the repo) allowed me to control who has
access to what in the repo while preventing users from having direct access to
it.  In order for them to gain direct access, they would have to do some
hacking.  Furthermore, I was the one granting permissions, not a sysadmin.

Noel



This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.