[cvsnt] Re: Upgrading from 2.0.40 to 2.058b: Problems with permissions
Tony Hoyle
tmh at nodomain.org
Mon Oct 25 15:46:31 BST 2004
Johannes Kilian wrote:
> What are the reasons that it's not recommended to run the service as
> another user? We've done this since we are using CVSNT (since its
> earliest days) and had never problems with it ... What are the
> advantages of using the CVS specific settings? I need good arguments to
> justify the switch to your recommended method ...
It's hard to get the permissions right on another user - you end up
giving them things like admin priviliges which is actually more powerful
than LocalSystem (LocalSystem is limited in what it can do - for example
it has no external network access).
If you tell CVS to switch to a user itself that user can be completely
unpriviliged eg. Guest. The switch is done almost immediately after the
cvs process loads (before any user input is processed) so is completely
secure.
Tony
More information about the cvsnt
mailing list