|
From: | Dustin Cavanaugh |
Subject: | RE: How 2 Secure the repository? |
Date: | Mon, 11 Mar 2002 11:11:12 -0800 |
> Environment: cvs 1.11.1p running on unix. Clients are mostly
> wincvs1.13.7+
> (in-house modifications to prevent password display on the
> screen)
Huh?
> plink for ssh connection.
Also, use Pageant on Windows. UNIX will require ssh-agent for
the same functionality.
> Developers have valid login on unix server and are
> members of the cvs and users groups.
>
> How do I protect the repository from developers modifying or
> deleting code directly without using cvs? Any protection scheme
> we've been able to think of either locks them out completely or
> has loop holes.
You take away login access. Do this by setting their hashed passwd
in /etc/shadow to "NP", and add a line to their SSH authorization file
on the server side to _only_ allow the command 'cvs server'. The
O' Reilly SSH book explains this pretty clearly.
Doug
[Prev in Thread] | Current Thread | [Next in Thread] |