[cvsnt] Yet Another Security Question
Lawson.Reed
Reed.Lawson at IGT.com
Thu Feb 27 20:31:04 GMT 2003
Hi,
First, I'd like to say that CVSNT and WinCVS have been performing
wonderfully
here in a test case at IGT. It has impressed the socks off everybody. I'm
currently
working on addressing the "powers" concerns before we deploy this all over
the
company. One of them is Access Control and I'm trying to come up with a
plan...
We are totally Windows based here (mostly XP), so rather than have a
duplicate
access control system (with SystemAuth = Yes, using a passwd file and chacl,
etc.)
I thought I'd just use the normal NT4 type Access Control, meaning,
right click the folder on the server, select Properties the Security and
specify
who can access that folder or file or tree. That seems to work just fine...
First of all, is this a bad idea? Is there some advantage in the other
SystemAuth = Yes approach? Am I missing something here?
The thing that I just discovered does not work is "cvs admin <anything>". I
get the
error:
cvs [admin aborted]: usage is restricted to members of the group
Administrators
So, I started reading the docs and saw this in cvs.html...
-------------------------------------------8<-------------------------------
-----
3.7 Repository administrators
If SystemAuth = Yes the user is considered to be an administrator of
they
are listed in the CVSROOT/admin file or if they are in the
'Administrators'
group (NT) or 'cvsadmin' group (Unix).
If SystemAuth = No only the CVSROOT/admin file is checked.
-------------------------------------------8<-------------------------------
-----
Since I'm a "no" on SystemAuth , I created that admin file in the CVSROOT of
the
repository (thanks Glen Starrett) but unlike Glen, my result was no
different.
Is the admin file all I need or is there something else I need to do? I AM
in
the Administrators group on the server, but, not on the domain. By the way,
in
the admin file I tried several names:
rlawson <-- That's my login to the NT4 domain.
engineering\rlawson <-- That's what's on the CVSROOT line.
engineering\\rlawson <-- Just in case some unix code removes the first \.
engineering/rlawson <-- Worth a try.
engineering#rlawson <-- this is what $USER expands to in the loginfo
file.
rlawson at engineering <-- Worth a try.
none of these work.
My CVSROOT is :pserver:engineering\rlawson at fe408886:/work
CVSNT Control panel settings:
My server is 1.11.1.3 build 66
Server side support for ntserver protocol ON
Impersonation enabled ON
Use local users for pserver auth instead of domain users OFF
Repository Prefix is D:/CVSROOT
Valid repository roots /work
I put my admin file in D:\CVSROOT\work\CVSROOT on the server.
In my config file, the only thing that is no a comment is this:
LockServer=localhost:2402
See any reason why no one can use "cvs admin"??
BTW, I'm trying "cvs admin" on a client machine where everything else is
working
just fine. I'm also using the 'cvs' that comes with WinCVS. Is that my
problem?
Here is the cvs -v output....
-----------------------------------------8<---------------------------------
---
cvs -v
Concurrent Versions System (CVS) 1.10.8 (client)
Copyright (c) 1989-1998 Brian Berliner, david d `zoo' zuhn,
Jeff Polk, and other authors
Win32 version (Nov 24 2000) Copyright (c) 1999-2000 Tony Hoyle and others
see http://www.cvsnt.org
CVS may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the CVS distribution kit.
Specify the --help option for further information about CVS
------------------------------------------8<--------------------------------
---
Thanks for your help!
__________________________________
Reed Lawson
IGT Firmware Engineering
(775) 448-0755
More information about the cvsnt
mailing list