Re: Security options

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security options

From:	Phil R Lawrence
Subject:	Re: Security options
Date:	Thu, 19 Dec 2002 13:00:14 -0500
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Yesterday we were discussing the following set-up:
  - user account 'phil'
  - user account 'cvs-phil' with shell /sbin/nologin
  - cvs-phil has group rights to modify projects
  - SSH configuration allows cvs-phil only to run cvs

As Mark pointed out, /sbin/nologin prevents phil (or anyone else) fromsu'ing to cvs-phil.

However, it also prevents an SSH connection, which causes an error whenusing cvs:

  cvs update: warning: unrecognized response `This account
  is currently not available.' from cvs server

My best idea is to leave cvs-phil with a regular shell, but disallowsu'ing to cvs-phil (via chuser on AIX, but how about linux?). Since ourserver will be physically secured, no one could directly log onto theconsole as cvs-phil. Then SSH will be configured to only allow the cvscommand.


Any other thoughts?

Thanks,
Phil

[Prev in Thread]

Current Thread

[Next in Thread]

RE: Security options :-(, Zieg, Mark, 2002/12/17
- Re: Security options :-(, Phil R Lawrence, 2002/12/17
- RE: Security options :-(, Zieg, Mark, 2002/12/17
  - Re: Security options :-(, Geoff Beier, 2002/12/17
- RE: Security options :-(, Zieg, Mark, 2002/12/17
  - Re: Security options, Phil R Lawrence <=
    - Re: Security options, Kaz Kylheku, 2002/12/19
- RE: Security options :-(, Douglas Finkle, 2002/12/17

Prev by Date: RE: "cvs server:Up-to-date check failed for 'team/test/MyTest.java'
Next by Date: Re: Security options
Previous by thread: RE: Security options :-(
Next by thread: Re: Security options
Index(es):
- Date
- Thread