[cvsnt] Re: Is it possible to reject SSPI login for non-group members ?
Mike Wake
mike.wake at thales-tts.com
Thu Jan 13 12:44:22 GMT 2005
Tony Hoyle wrote:
> Mike Wake wrote:
>
>> cvs -d
>> sspi;username=naughtyuser;hostname=mycvsserver:/MyLockedDownRepos
>> checkout _all (in directory D:\HowItCouldBeDone)
>> cvs [checkout aborted]: cvs [server aborted]: Repository directory
>> /home/cvsuser/CVSREPOS_LOCKDOWN/MyLockedDownRepos does not exist:
>> Permission denied
>
>
> You have completely denied access to the repository for those users. The
> whole path is given in the error here because it's a configuration
> failure - the server can't access it (or even verify it exists). You
> can perform a lockout like this by denying access to CVSROOT or even
> just CVSROOT/config.
>
I AM trying to completely deny access to the entire repository in
question for those users.
I'm not sure what you mean by
> You
> can perform a lockout like this by denying access to CVSROOT or even
> just CVSROOT/config.
To keep the actual location of the repository hidden are you suggesting
that I make the CVSROOT directory and its contents world readable?
ie Something like this ????
chmod a+rx /home/cvsuser/CVSREPOS_LOCKDOWN/MyLockedDownRepos
chmod a+rx /home/cvsuser/CVSREPOS_LOCKDOWN/MyLockedDownRepos/CVSROOT
chmod a+r /home/cvsuser/CVSREPOS_LOCKDOWN/MyLockedDownRepos/CVSROOT/config
You would probably need val-tags and history too.
It seems counter-intuative to me... hence my questions.
Cheers
Mikew
More information about the cvsnt
mailing list