[cvsnt] Re: cvs repository folder permission
Tony Hoyle
tony.hoyle at march-hare.com
Wed Mar 22 10:13:27 GMT 2006
Cheok Yan Cheng wrote:
> When I set up CVSNT server, 2 objectives in my mind:
>
> (1) Users (except root) should not have read/ write
> permission to the CVS repository through remote
> control (for example, telnet)
>
> (2) However, users can checkout/ checkin the files to
> CVS repository through CVS pserver. (by using tortoise
> cvs)
>
> For (1), I can just simply set the CVS folder to chmod
> 700. However, by setting the CVS repository to 700,
> this will break (2). User can no longer checkout/
> checkin files to CVS repository through CVS pserver
>
> The simplest solution is to disable telnet feature.
> However, we do not want to do so. We want the user to
> have the ability to remote control, in order to
> perform other operations.
>
> Any advice for achieving (1) and (2) at the same time?
>
Create a user (and group, possibly) for cvs. chown the repository to
this user, and chmod 700 the directories (and 600 for the files).

Then in the PServer file set RunAsUser to this user. The server will
always setuid to that user to access the repository, so remote users
will be able to work, but local users will have no access.

The downside is this breaks local access to the repository and (by
extension) ssh access, since ssh doesn't have a mechanism for changing
the user it impersonates... since ssh and telnet are equivalent,
permissions-wise, you can't have one without the other.

Tony
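
The ownership and mode layout described in this reply, as an added example that is not part of the original message or of CVSNT: it applies 700/600 to a repository tree and then lists anything that still grants group/other access or is not owned by the RunAsUser account. The function names, the repository path and the `cvs` account name are assumptions; setting RunAsUser in the PServer file is done separately, as the reply says.

```shell
#!/bin/sh
# Added example. Function names, the repository path and the "cvs"
# account are assumptions, not taken from CVSNT.

# lock_repo DIR [OWNER[:GROUP]]
# chown (optional, needs root), then 700 on directories, 600 on files.
lock_repo() {
    repo=$1
    owner=${2:-}
    [ -d "$repo" ] || { echo "not a directory: $repo" >&2; return 1; }
    if [ -n "$owner" ]; then
        chown -R "$owner" "$repo" || return 1
    fi
    find "$repo" -type d -exec chmod 700 {} + &&
        find "$repo" -type f -exec chmod 600 {} +
}

# exposed_entries DIR
# Print every entry that still grants any group or other permission bit.
# Symlinks are skipped: their own mode bits are not what the kernel checks.
exposed_entries() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# foreign_entries DIR USER
# Print entries not owned by the RunAsUser account; with 700/600 modes
# the server cannot access these once it has switched to that user.
foreign_entries() {
    find "$1" ! -user "$2"
}

# Usage (as root), with a placeholder path and account:
#   lock_repo /path/to/repository cvs:cvs
#   exposed_entries /path/to/repository      # expect no output
#   foreign_entries /path/to/repository cvs  # expect no output
```

Running the two listing functions from a periodic job catches files that were later restored or copied in with looser modes or a different owner.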