Re: CVS security question

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS security question

From:	Pankaj Garg
Subject:	Re: CVS security question
Date:	Tue, 03 Feb 2004 13:05:57 -0800

I wonder why do we not CVS has a server which run with SUID (Super User ID)and only it can access repository. Other users can login via SSH, verifytheir credentials with our CVS Server and ask CVS Server to carry out theirrequests. They can request normal repository operations based on theirprivilege. This new CVS server will give much better control because we canset minute details of permissions on repository and files inside it. In factwe can have just One repository in all and host multiple projects under itand give control of these projects to different group of people.

Whats stopping people from implementing this?

Thanks
Pankaj

From: "Mark D. Baushke" <address@hidden>
To: "Pankaj Garg" <address@hidden>
CC: address@hidden
Subject: Re: CVS security question
Date: Tue, 03 Feb 2004 09:10:49 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pankaj Garg <address@hidden> writes:

> I am a new user of CVS. I setup CVS server on my linux box. I want twousers> to have check-in access to my repository and i want to use SSH. To useSSH i> need to make shell accounts for those two users. Now because these twousers

> have shell account and have write access to my repository, they can
> essentially login in my CVS server box and do an rm -fR on my whole
> repository. Is there a way to prevent this?

This topic has been recently discussed. See the thread starting here:
  http://mail.gnu.org/archive/html/info-cvs/2004-01/msg00188.html

Note that you can also make "anonymous cvs" access available via SSH if
you wish. Details are listed here in this article by Joey Hess:

  http://www.kitenet.net/~joey/sshcvs/

(a copy of it may also be found here if the first site is busy or down):

  http://www.blacksheepnetworks.com/security/resources/sshcvs/

        Enjoy!
        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFAH9YY3x41pRYZE/gRAhr0AJ9bqCrTBdBflwoUfF+zEs40wk3CHwCgma/8
1tkWzfJy7h17burPL9mM7x8=
=fsNR
-----END PGP SIGNATURE-----


--
Pankaj Garg
www.intellectualheaven.com

_________________________________________________________________

Learn how to choose, serve, and enjoy wine at Wine @ MSN.http://wine.msn.com/

[Prev in Thread]

Current Thread

[Next in Thread]

CVS security question, Pankaj Garg, 2004/02/03
- Re: CVS security question, Larry Jones, 2004/02/03
- Re: CVS security question, Mark D. Baushke, 2004/02/03
- RE: CVS security question, Jim.Hyslop, 2004/02/03
- RE: CVS security question, Matthew . Riechers, 2004/02/03
- RE: CVS security question, Mark Jaffe, 2004/02/03
- RE: CVS security question, Rick Genter, 2004/02/03
  - RE: CVS security question, Greg A. Woods, 2004/02/04
- Re: CVS security question, Pankaj Garg <=
  - Re: CVS security question, Mark D. Baushke, 2004/02/03
  - Re: CVS security question, Greg A. Woods, 2004/02/04
- RE: CVS security question, Patton, Matthew E., CTR, OSD-PA&E, 2004/02/03

Prev by Date: RE: How to determine what tag a branch was based on?
Next by Date: RE: CVS security question
Previous by thread: RE: CVS security question
Next by thread: Re: CVS security question
Index(es):
- Date
- Thread