[cvsnt] linux host, and ACLs
Gerhard Fiedler
lists at connectionbrazil.com
Fri Oct 20 13:59:31 BST 2006
duane_ellis at franklin.com wrote:
>> Forget about file system ACLs, and use simply the cvsnt ACLs. They work
>> the same on Windows and Linux AFAIK. The only thing that may be
>> different is where cvsnt gets the info about the users from, but there
>> should be info out there about this.
>
> Ah.. think I must use the filesystem ACLs...
>
> Otherwise users can just "cd /to/the/CVSROOT" and gain access
> to things they should not have access to.

Disclaimer: IANXSA (I am no *x sys admin :) I just know a bit of *x as a
user.

You may think about running the cvsnt service as its own user, give it only
access to what you want cvsnt to access, and prevent all other users from
accessing the repository (using file system ACLs). This way nobody could
run your "cd /to/the/CVSROOT" command. Access to CVSROOT would be only
through cvsnt, secured by cvsnt's ACLs.

Besides, you should of course block all access to the server that is not
desired. So if you don't want your users to have direct command line or
file system access, don't give it to them. cvs(nt) accesses the server
through one specific port (2401 by default). This is the only port that
needs to be open for cvs(nt) access. (There might be others needed for
SSH.) Do they have to be able to run a shell on the server? If not, don't
allow it. No shell, no "cd".

> Unless CVSNT runs as "SETUID so-other-user" and the entire CVS
> repository is non-accessible by casual "cd /to/the/CVSROOT"

I'm not sure how that works on *x systems, but on Windows the cvsnt service
can be set up to run as the user that connects through the client
("impersonation"). Depending on your security setup, this may be desired
(you have the cvsnt processes running as the user who runs a cvsnt command
-- permissions work on the individual user) or not (you have the cvsnt
processes running always as the same cvsnt user -- all cvsnt access
permissions are set through only one user).

For example, on my Windows server I use impersonation -- but I have blocked
all shell/telnet/file system/etc access. So the users, if they could log in
to a shell on the box, could access some files they shouldn't, but they
can't log in -- other than through cvsnt, at which point they are confined
to the repository through the cvsnt ACLs.

> I don't see how I can stop users from "cd /to/the/CVSROOT" and looking
> around.

"cd" is not a cvsnt command. Preventing users from running "cd
into/something" has nothing to do with cvsnt, it seems to me. That sounds
like a *x system admin question. But maybe this has been answered above.

> Please understand, perhaps my understanding is clouded with the fact I've
> been using standard UNIX based CVS for +12 years and I don't know
> some key difference with CVSNT.

One key difference seems to be that cvsnt has its own ACLs. cvs doesn't
have them. So if you can restrict your users to running cvsnt (or prevent
them from accessing the repository files other than through cvsnt) and use
cvsnt ACLs to restrict access to repository files, you're set it seems to
me.
Gerhard
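
The file-system side of the setup suggested above (a repository reachable only by the account the cvsnt service runs as) can be checked with a short audit. This is an added example, not part of the original message or of cvsnt; the repository path and the service account name are supplied by the caller and are assumptions about the local setup.

```shell
#!/bin/sh
# Added example: audit a repository tree for direct file-system exposure.
# Assumption: the repository directory and the service account are passed
# as arguments; nothing here is a cvsnt command or a cvsnt default.

# audit_repo REPO_DIR OWNER
# Prints every path under REPO_DIR that is either not owned by OWNER or
# grants any permission bit (read, write, execute/search) to "other".
# Returns 0 when the tree is clean, 1 when there are findings, 2 on bad usage.
audit_repo() {
    repo=$1
    owner=$2
    if [ -z "$repo" ] || [ -z "$owner" ] || [ ! -d "$repo" ]; then
        echo "usage: audit_repo REPO_DIR OWNER" >&2
        return 2
    fi
    # Symbolic links are skipped in the mode test because their own mode
    # bits are not what controls access; ownership is still checked.
    findings=$(find "$repo" \( ! -user "$owner" -o \
        \( ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \) \) \
        -print 2>/dev/null)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit when the script is called with both arguments, e.g.
#   sh audit_repo.sh /path/to/repository serviceaccount
if [ "$#" -eq 2 ]; then
    audit_repo "$1" "$2"
fi
```

A clean result only covers the "other" bits and ownership; group membership of the service account's group still needs a separate look.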