[Cvsnt] Permissions for changing files in module

Koen no at ssppaamm.com
Wed Feb 20 10:06:29 GMT 2002


Thanks for your reply:

"Bo Berglund" <Bo.Berglund at system3r.se> wrote in message
news:B974373707D4D311A33A0008C70D326B76D9D1 at 3rexchange01.system3r.com...
> 1. On NTFS the security is per user account, but can be managed through
user
>    groups. You can create a few user groups with different permissions and
then
>    the members will have access only to the parts of the file system they
are set
>    up for in the group properties. And it is all stored within the file
system by
>    NT itself, no hidden locks within the CVS files.

OK. But I also read that sending passwords to a CVS server is not safe
(easily decrypted), so it is advised not to use the same password as your
domain password, but map it through by using the passwd file. This way you
can use a different password and still use a domain user account for the
security settings.

> 2. To be able to use the granular security you must have every user
identified by
>    a separate login. You can alias different users to different local or
domain
>    accounts and thus give them different permissions. But the aliased user
must
>    be a valid system account. So CVS users (first on each line) are not
usable
>    unless they also are valid NT accounts.

In the passwd file, the first on each line can be whatever I want, but the
third should be a valid user account:
somename:encpassword:validuser

> 3. If you move the repository to another NT machine you can do so and
preserve the
>    permissions, but only within the domain of course (accounts are domain
entities).
>    But you need to use something else than just copy, there is an NT
command for
>    this kind of move, but I don't know it by heart.

OK. I'll have a look at this.

> 4. If you move the repository to Linux for example you will have to set up
permissions
>    again. No way to transfer this that i know of.
>
> 5. Practical security is whatever you put into those words...
>    But please remember that CVS stands for Concurrent VS, that means that
it is optimized
>    for simultaneous access from many users to the same files. Locking and
other kinds
>    of restrictions are not implemented in any good way, so if you need
that then you
>    have to consider the commercial alternatives instead.

Yes, I understand. But I received got some remarks from people that are
afraid that "someone might change something to their code while they
shouldn't"... I think this is a matter of agreeing upon who touches what, or
else you just don't collaboarte on something... Anyway, security settings
could help with this kind of remarks.

Koen

> /Bo
>
>
> -----Original Message-----
> From: Koen [mailto:no at ssppaamm.com]
> Sent: den 19 februari 2002 17:40
> To: cvsnt at cvsnt.org
> Subject: [Cvsnt] Permissions for changing files in module
>
>
> Hi !
>
> Rather new to CVS usage (let alone setting up a server..)
> I'm using the pserver protocol (access from both Linux and Windows
machines)
> with impersonation with the following password format:
>     usera:encpassworda:localuser
>     userb:encpasswordb:localuser
> So all access rights/permissions are the same on NTFS level for all users.
> Now, is it possible to set permissions for files/directories on the CVS
user
> name level instead of using the NT user names? Is this kept in CVS files
> somehow or is the only security supported on the file system level itself
?
> What happens with set permissions when you move the repository (to another
> machine or to another operating system)?
> Should I really make a login account for each CVS user on my machine?
> Can users themselves specify who can edit their files, or only the
> administrator?
> How is your practical CVS repository security setup?
> I know, lots of questions...
> All advice welcome!
>
> Koen
> _______________________________________________
> Cvsnt mailing list
> Cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt


_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt



More information about the cvsnt mailing list