From: Derek Robert Price
Subject: Re: cvs user, cvs password
Date: Tue, 13 Aug 2002 08:58:34 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606

Comments below.

Andrey Aristarkhov wrote:

> Hi all!
>
> Some years ago I had a lot of administering issues with users who wanted to change their password for CVS. As a result I've written cvspassword program to allow such users change password via web. After some period of time I've rewritten the program to add commands "user" and "pass(word)" to cvs.
>
> Find README file for my project at the bottom of this message. I can also post my implementation files and patches to CVS code.
>
> Regards,
> Andrey Aristarkhov
> BiTechnology
>
> README file for cvs user/pass(word) commands
> ------------------------------------------------------------------------
> cvs user & cvs pass(word) commands implementation
> Author: Andrey Aristarkhov <Aristarkhov@bitechnology.ru>
> ------------------------------------------------------------------------
>
> Introduction
> ============
>
> Usage: cvs user <[-a | -m | -d] username> [-u alias] [-p | -P password]
>     -a|-m|-d  'add', 'modify' or 'delete' user respectively
>     -u        Use "alias" to specify system user for cvs-user.
>     -P        Use "password" to specify user password in a command line
>     OR
>     -p        enter user password interactively
>
> Usage: cvs password [username]
>     If no "username" is given password will be set for the current user
>     "username"  Use it if you want to change password for the specified user
>
> CVS' command "user" is intended to simplify user management within CVS repository. It works with administrative file $CVSROOT/CVSROOT/passwd to add/delete/modify users.
>
> CVS' command "password" is intended to allow users change their own passwords to CVS repository.
>
> Note: "user" and "password" commands work only with CVS users listed in passwd file. There is no way to change password for system users by means of these commands.
>
> These commands have simplest security restrictions and considerations:
>
> 0. There must be a user named "admin" in CVS repository who has full rights to modify users in the CVS repository.

Why add a new user? Why not use the UNIX `cvsadmin' group like the `cvs admin' command does: <http://www.cvshome.org/docs/manual/cvs_16.html#SEC119>?
Even better would be a permissions API that accepts some token representing the action (say a string "name"), and a list of data, then returns true or false and maybe an error message, but that's probably too much to hope for at the moment. :)
`cvs passwd' would be available to all users, so it makes sense that it be given a full command namespace, but does it make sense to make `cvs user' its own command rather than part of the `cvs admin' command? You could use the existing `cvsadmin' group restriction for free then, I think.
Of course, if added, `user' should be restricted regardless of the existence of the `cvsadmin' group, so maybe the extra work would be necessary anyhow.

> 1. Only administrator can add and delete users.
> 2. Only administrator can change user alias.
> 3. User's password can be changed either by CVS Administrator or by a person who knows current user's CVS password.
>
> Known issues
> ============
>
> There is no way to add user "admin" to CVS' user list via cvs user command. This user should be added manually.
>
> To-Do List
> ==========
>
> 1. Test cvs user & pass(word) command for various platforms. Current version is tested under FreeBSD 4.3-RELEASE.
> 2. "user" command should take additional parameters: Email and Name of user to add it to CVSROOT/notify admin file.
> 3. Write cvspasswd - standalone wrapper program around user/password functions. (Currently is under development)

I'll add some more comments to the patches.

Derek

--
*8^)

Email: derek@ximbiot.com

Get CVS support at http://ximbiot.com
--
Man who run in front of car get tired.
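
Added example, not part of the original message and not CVS or patch code: a sketch of the permission check suggested in the reply (action token in, true/false plus an error message out), applied to restrictions 0-3 of the quoted README. The action names, `perm_check`, `is_admin` and the `current_pw_ok` flag are hypothetical; the flag assumes the caller's knowledge of the target user's current password was already verified against `$CVSROOT/CVSROOT/passwd`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; none of this is CVS source. */
enum { ADMIN_ONLY = 0, OR_CURRENT_PASSWORD = 1 };

static const struct { const char *action; int rule; } policy[] = {
    { "user.add",      ADMIN_ONLY },           /* restriction 1 */
    { "user.delete",   ADMIN_ONLY },           /* restriction 1 */
    { "user.alias",    ADMIN_ONLY },           /* restriction 2 */
    { "passwd.change", OR_CURRENT_PASSWORD },  /* restriction 3 */
};

/* README item 0: the administrator is the CVS user named "admin".
   The reply's alternative would test `cvsadmin' group membership here. */
static bool is_admin(const char *caller)
{
    return caller != NULL && strcmp(caller, "admin") == 0;
}

/* Action token in, true/false plus an error message out. */
bool perm_check(const char *action, const char *caller,
                bool current_pw_ok, const char **err)
{
    size_t i;
    const char *msg = "unknown action";   /* fail closed on unlisted tokens */

    for (i = 0; action != NULL && i < sizeof policy / sizeof policy[0]; i++) {
        if (strcmp(action, policy[i].action) != 0)
            continue;
        if (is_admin(caller) ||
            (policy[i].rule == OR_CURRENT_PASSWORD && current_pw_ok)) {
            if (err) *err = NULL;
            return true;
        }
        msg = "permission denied for this action";
        break;
    }
    if (err) *err = msg;
    return false;
}

int main(void)
{
    const char *err;
    bool ok = perm_check("user.add", "alice", true, &err);  /* constructed input */
    printf("user.add by alice: %s (%s)\n", ok ? "allowed" : "denied", err ? err : "-");
    return 0;
}
```

Keeping the rules in one table means a command that is not listed is refused rather than silently allowed, which matches the reply's point that `user' should stay restricted whether or not a `cvsadmin' group exists.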