[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Running CVS as Non-Root User
From: |
Larry Jones |
Subject: |
Re: Running CVS as Non-Root User |
Date: |
Mon, 24 Jan 2011 11:34:15 -0500 |
address@hidden writes:
>
> Is there any definitive documentation on running CVS as a non-root user?
CVS should never be run as root. The only exception is pserver, which
only runs as root long enough to authenticate the user; once the user
has been authenticated, it switches user and runs as the user instead.
The usual advice is to avoid pserver if at all possible; it's much
better to use ssh for remote access (CVS was never designed to run as
root and thus has a number of security concerns; ssh was).
> Among the questions the answers to which concern us are the following:
>
> * Who owns the repo disk files when running as a non-root user;
The last user to modify the file owns it, regardless.
> * When hooks are invoked by the server when running as a non-root
> user, as which user are they invoked?
Again, CVS only runs as root long enough to authenticate, so hooks are
always run as the actual user.
> * What authentication methods are available to CVS running as a
> non-root user?
CVS shouldn't be used for authentication unless you have no alternative
(or are very trusting of your users).
--
Larry Jones
OK, there IS a middle ground, but it's for sissy weasels. -- Calvin