Here is what I setup for the CVS server. Please advise any weakness...
- In my Unix server, a "cvsuser" group is created with two users
"cvsadmin" and "cvsguest". They (and "root", of course :-) are
the only users in the entire Unix server.
[...]
With the above settings, "cvsguest" is the Unix account shared by all
CVS users (i.e. its password is known to all CVS users). The security
of the system is based on the following assumptions (criticize if you
see any problem...)
- "cvspwd" makes sure that only "cvsadmin" can create/delete CVS
users (I know this because I tried to login into Unix as
"cvsguest" and cannot create CVS user using "cvspwd")
- A CVS user can only change his CVS :pserver password by login in
to the Unix server as "cvsguest" and type "cvspwd <CVS User
Name>". "cvspwd" will first ask you to type in the correct
password of the CVS user.