[cvsnt] Don't want to share the Repository folder
David Somers
dsomers at omz13.com
Fri Jun 16 16:10:06 BST 2006
Gerhard Fiedler wrote:
> Bo Berglund wrote:
>
>> Noone at all except the CVS service should have access to the repository
>> files!
>
> While all the rest is of course correct, I think this is a bit over the
> top
> :)
I don't think Bo was OTT... IMHO he didn't go far enough and should have
said:
None at all except the CVSNT service (and root/NT admins) should have
*write* access to the repository files. In a few rare cases (e.g. viewvc -
née viewcvs), even *read* access should be prohibited since everything
should go via the CVSNT service (especially if audit logging is enabled).
> AFAIK, often a sys admin does have (and even may need to have) access to
> the repository tree. If only to the CVSROOT folder...
BTW, about the only file your sys admin will ever need to directly
manipulate is CVSROOT/passwd.
Greetings from Luxembourg.
--
David Somers
More information about the cvsnt
mailing list