info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: How 2 Secure the repository?


From: Dustin Cavanaugh
Subject: RE: How 2 Secure the repository?
Date: Mon, 11 Mar 2002 11:11:12 -0800

At 10:10 AM 3/11/2002 , Douglas Finkle wrote:
> Environment: cvs 1.11.1p running on unix. Clients are mostly
> wincvs1.13.7+
> (in-house modifications to prevent password display on the
> screen)

Huh?

Huh what?


> plink for ssh connection.

Also, use Pageant on Windows. UNIX will require ssh-agent for
the same functionality.

Pageant did us no good. plink does the ssh connection without a hitch and does not hold the connection open after the transaction completes. Wincvs was another issue ... We/I modified the code so when you display the preferences window, the "Using:" message is not displayed (it contains the password in clear text).

> Developers have valid login on unix server and are
> members of the cvs and users groups.
>
> How do I protect the repository from developers modifying or
> deleting code directly without using cvs? Any protection scheme
> we've been able to think of either locks them out completely or
> has loop holes.

You take away login access. Do this by setting their hashed passwd
in /etc/shadow to "NP", and add a line to their SSH authorization file
on the server side to _only_ allow the command 'cvs server'. The
O' Reilly SSH book explains this pretty clearly.

Taking away login access on THIS machine is not feasible ... however, we are exploring the possibility of moving the repository to another machine where this is not an issue.

Thanks.

Doug

reply via email to

[Prev in Thread] Current Thread [Next in Thread]