info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: twisted CVS

From: Noel Yap
Subject: Re: twisted CVS
Date: Wed, 14 Aug 2002 05:38:45 -0700 (PDT) 
--- Mark <address@hidden> wrote:
> 
> --- Brandon Brinkley <address@hidden> wrote:
> 
> > 1. Can CVS be made more hack-proof (e.g. owner
> permissions on RCS files in
> > the CVSROOT)?
> 
> create a pserver account, a cvs admin account, a
> cvsrepo group and put only
> those two accounts in that group. run pserver as the
> non-root pserver account,
> create repos (775) with the cvsadmin account. now no
> accounts but these two
> accounts have access to the physical CVS repository
> structure. When you create
> the repo, chmod 755 the CVSROOT directory. All users
> must now use CVS (in
> pserver mode) to change anything in the repository,
> you can use the cvs admin
> account in local mode to change CVSROOT. Sure you
> hav eto maintain a passwd
> file, but I find that easier that maintaining a
> sticky bit/SGID/group balance
> in the repository.

Huh?  From my experience, there is no maintenance of
the SGID bit -- just set it and forget it (can I be
sued for using this phrase? :-)

Moreover, since pserver doesn't run as the user,
tracability is compromised.  Somehow, pserver has to
know who is doing a checkin.  This information has to
come from the client.  Wouldn't clients be able to
spoof a username?

Noel

__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]