info-cvs

Re: CVS security question


From: Pankaj Garg
Subject: Re: CVS security question
Date: Tue, 03 Feb 2004 13:05:57 -0800

I wonder why we do not have a CVS server which runs with SUID (Super User ID) and only it can access the repository. Other users can log in via SSH, verify their credentials with our CVS server and ask the CVS server to carry out their requests. They can request normal repository operations based on their privileges. This new CVS server will give much better control because we can set minute details of permissions on the repository and the files inside it. In fact we can have just one repository in all, host multiple projects under it and give control of these projects to different groups of people.

What's stopping people from implementing this?

Thanks
Pankaj


From: "Mark D. Baushke" <address@hidden>
To: "Pankaj Garg" <address@hidden>
CC: address@hidden
Subject: Re: CVS security question
Date: Tue, 03 Feb 2004 09:10:49 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pankaj Garg <address@hidden> writes:

> I am a new user of CVS. I set up a CVS server on my Linux box. I want two users
> to have check-in access to my repository and I want to use SSH. To use SSH I
> need to make shell accounts for those two users. Now because these two users
> have shell accounts and have write access to my repository, they can
> essentially log in to my CVS server box and do an rm -fR on my whole
> repository. Is there a way to prevent this?

This topic has been recently discussed. See the thread starting here:
  http://mail.gnu.org/archive/html/info-cvs/2004-01/msg00188.html

Note that you can also make "anonymous cvs" access available via SSH if
you wish. Details are listed here in this article by Joey Hess:

  http://www.kitenet.net/~joey/sshcvs/

(a copy of it may also be found here if the first site is busy or down):

  http://www.blacksheepnetworks.com/security/resources/sshcvs/

        Enjoy!
        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFAH9YY3x41pRYZE/gRAhr0AJ9bqCrTBdBflwoUfF+zEs40wk3CHwCgma/8
1tkWzfJy7h17burPL9mM7x8=
=fsNR
-----END PGP SIGNATURE-----


--
Pankaj Garg
www.intellectualheaven.com
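
One way to keep SSH authentication while denying the two committers a shell, the problem raised in the quoted question, is an OpenSSH forced command that only ever runs `cvs server`. This is an added example, not code from this thread or from the linked articles; the install path `/usr/local/bin/cvs-gate`, the function names and the placeholder key line are hypothetical.

```shell
#!/bin/sh
# Added example: forced-command gate for CVS-over-SSH committers.
# Hypothetical install path: /usr/local/bin/cvs-gate
# Matching ~/.ssh/authorized_keys entry (one line, placeholder key):
#   command="/usr/local/bin/cvs-gate",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER... committer1

# sshd puts whatever the client asked to run into SSH_ORIGINAL_COMMAND.
# A CVS client using :ext: with CVS_RSH=ssh asks for exactly "cvs server";
# an interactive login leaves the variable empty.
cvs_gate_allowed() {
    case "$1" in
        "cvs server") return 0 ;;
        *)            return 1 ;;
    esac
}

# Print the decision so it can be logged or checked.
cvs_gate_decision() {
    if cvs_gate_allowed "$1"; then echo allow; else echo deny; fi
}

cvs_gate_main() {
    requested=${SSH_ORIGINAL_COMMAND:-}
    if cvs_gate_allowed "$requested"; then
        # Run a fixed command line; nothing from the client is evaluated.
        exec cvs server
    fi
    # Replace non-printable bytes so a request cannot forge extra log lines.
    safe=$(printf '%s' "$requested" | tr -c '[:print:]' '?')
    logger -t cvs-gate -p auth.notice "denied user=$(id -un) request=$safe"
    echo "This account may only be used for CVS access." >&2
    return 1
}

# Act as the gate only when installed under its own name.
case "$0" in
    */cvs-gate) cvs_gate_main; exit $? ;;
esac
```

The gate removes the shell, not CVS's own hooks: anyone who can commit to the CVSROOT administrative files (for example loginfo) can still have the server run programs, so keep write access to CVSROOT with the administrator.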
