RE: Restricting users from command prompts [was: (no sub)]

[Rez P]

From reading the manual, I was under the impression that if I set SystemAuth=value in CVSROOT/config to "no" then I can localize and limit user access and no need to declare the users in system's /etc/passwd.

 
 
Thanks for the help and the links.
 

 
> Date: Mon, 2 Mar 2009 13:15:54 -0500
> From: address@hidden
> To: address@hidden
> CC: address@hidden
> Subject: Restricting users from command prompts [was: (no sub)]
>
> Rez P wrote, On 03/02/2009 01:03 PM:
> > Hi all
> >
> > Is there any way to set up CVS on a Redhat Linux server so users using wincvs on windows client machines could use the pserver method (or any method) to do regular CVS transactions (ci,co,add,etc) but don't actually have user id/pw on the linux server and no entries in /etc/passwd? For security reasons we just want them to have access to the repository and not anything else on the linux server.
> >
> > Thanks
>
> http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#IDX87
>
> http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#SEC32
> second paragraph:
> "On the other hand, once a user has non-read-only access to the repository,
> she can execute programs on the server system through a variety of means.
> Thus, repository access implies fairly broad system access as well. It might
> be possible to modify CVS to prevent that, but no one has done so as of this
> writing."
>
> i.e., you may be (probably are) buying yourself nothing. either you trust
> your users or you don't.
> From what I recall you can also configure SSH to only allow certain commands
> to be ran by certain users. I have never done it myself, but I understand it
> is possible, and when it comes to security I would trust the SSH code more
> than the CVS security code.
>
> Good luck.
> --
> Todd Denniston
> Crane Division, Naval Surface Warfare Center (NSWC Crane)
> Harnessing the Power of Technology for the Warfighter
>
>

---

Express your personality in color! Preview and select themes for Hotmail®. See how.