Dave Sherohman wrote:
>
>Check out http://www.loria.fr/~molli/cvs/doc/cvs_2.html#SEC29 for
information
>on pserver security options. You can set up a CVS-specific passwd
file
>in the CVSROOT directory and, e.g., use it to map all users to a
generic
>'cvsuser' account, which doesn't need the ability to log in. cvsuser
will
>then own all of the files, but commit information will still be
logged
>with the CVS username rather than the unix username. You might want
to
>even use this technique with users who have real accounts on the
server,
>as it will (a) keep everything owned by a single dummy user, which
seems
>to be what you want, and (b) allow your developers to have a CVS
password
>that's different from their login password (which is a Good Thing,
given
>that pserver logins are done in cleartext).
>
In this case, I would need to manually add every user to the
CVSROOT/passwd file. I assume that it would look something like this:
user1:ULtgRLXo7NRxs:cvsuser
user2:ULtgRLXo7NRxs:cvsuser
user3:ULtgRLXo7NRxs:cvsuser
user4:ULtgRLXo7NRxs:cvsuser
All our developers currently have root access so password security is
not relevant. I am more concerned with repository security. I don't
want our users to be able to access the repository directly (i.e. I
want it under a different user and group so that they can't even see
it without going through the server.
I guess this will work. I just wish that CVS had an option so that I
could just set it up and leave it. This solution will require me to
continually edit the CVSROOT/passwd file to add and remove users.
Ideally, I would like to have a --runas option in CVS where it would
authenticate against the /etc/passwd file but then just check out as
cvsuser. That way I could make the repository owned by cvsuser and
the programmers wouldn't be able to access it except through the CVS
server and I wouldn't have to ever edit the CVSROOT/passwd file. The
administrator would only have to add a Unix user -- he wouldn't have
to add a CVS user as well. Possible food for thought for an
enhancement?
--
Stephen Rasku E-mail: [EMAIL PROTECTED]
Senior Software Engineer Web: http://www.tgivan.com/
TGI Technologies http://www.pop-star.net/
