[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ssh authentication; readers/writers/passwd
From: |
Brandon Craig Rhodes |
Subject: |
Re: ssh authentication; readers/writers/passwd |
Date: |
09 Jul 2002 16:25:55 -0400 |
User-agent: |
Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Common Lisp) |
Chris Palmer <address@hidden> writes:
> Under [the pserver] model, is all access controlled solely via the
> unix system permissions, or can I also control things with the
> CVSHOME/readers, writers, passwd files? I am hoping that these are
> still used by CVS even if I'm not using the pserver authentication
> system.
Coming in through ssh normally dodges the CVS access control files.
Imagine how annoying this would become if your site wanted to offer
both ssh and pserver password access - you would have to duplicate the
same set of permissions in your Unix filesystem hierarchy and in the
`readers' and `writers' files!
If you are comfortable patching your CVS server, this is easy to
change. The `readers' and `writers' files are consulted by the
server.c:check_command_legal_p(...) function whenever the variable
`CVS_Username' is set - which normally occurs only when using pserver,
when it finds an alias in the `passwd' file. But you can simply
rewrite the function to use the user's login name instead if it finds
that `CVS_Username' is unset - this way, when he comes in through ssh,
he will still be searched for in `readers' and `writers'.
If you are willing to run such a modified server, but cannot write
this patch on your own, let me know and I will write and post a patch
to do it this evening.
--
Brandon Craig Rhodes http://www.rhodesmill.org/brandon
Georgia Tech address@hidden