I haven't really been following this thread so forgive me if the following has
been suggested already.
It sounds like you have several different groups that you want to have different
permissions into the repository. The way I've solved this problem in the past
is to use file system ACL's (we're using Solaris). File system ACL's
generalises the notion of user and group permissions such that several different
users and groups can have different sets of permissions on each disk element.
Anyway, if you can use file system ACL's, I would suggest you do so.
Also, pserver is the only way to have CVS know the user as anything other than
the system user. I've posted a patch on SourceForge (under the RCVS project) to
change the behaviour of client/server CVS to act more like pserver in this
respect.
Noel
[EMAIL PROTECTED] on 2000.07.21 17:08:14
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED] (bcc: Noel L Yap)
Subject: Re: CVS permissions
Dave Sherohman wrote:
>
>On Fri, Jul 21, 2000 at 12:39:15PM -0700, Stephen Rasku wrote:
>> user1:ULtgRLXo7NRxs:cvsuser
>> user2:ULtgRLXo7NRxs:cvsuser
>> user3:ULtgRLXo7NRxs:cvsuser
>> user4:ULtgRLXo7NRxs:cvsuser
>
>Do you want them to all have the same password? If so (and you want
to
>anonymize CVS activity, which I wouldn't) an easier way to set this
up would
>be to just have everyone connect to CVS as cvsuser by setting their
$CVSROOT
>to :pserver:[EMAIL PROTECTED]:/path/to/repository.
No, I guess that's not what I want. I want the Repository accessed by
a user who is not part of the programmers group in order to protect
it. And I want all log messages to be reported as the actual
programmer who made the changes.
This doesn't seem to be rocket science to me but CVS doesn't seem to
support it. I don't really want to have a separate CVS/passwd file
because then that means that the passwords for CVS have to be handled
separately and, in an "out of the box" configuration, they have to be
managed by the CVS administrator rather than the user.
>
>> All our developers currently have root access so password security
is
>> not relevant. I am more concerned with repository security. I
don't
>> want our users to be able to access the repository directly (i.e. I
>> want it under a different user and group so that they can't even
see
>> it without going through the server.
>
>If they have root access to the machine with the repository, you
can't stop
>them from modifying it directly, regardless of who owns the files.
We will have a different root password on that machine and only the
network administrator(s) will know it.
--
Stephen Rasku E-mail: [EMAIL PROTECTED]
Senior Software Engineer Web: http://www.tgivan.com/
TGI Technologies http://www.pop-star.net/
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
