Hello, I want to set up CVS in a way so that some dedicated cvs users cannot do anything hostile. For that reason they have to login via SSH and their login shell is a simple program that checks that they want to execute "cvs server" and then executes "cvs server" itself. But now a simple "cvs -d :ext:<user>@host:/tmp/<any name> init" allows those users to "pollute" the /tmp directory (or any other directory they are allowed to write to, even within an existing repository they have access to).
Should not creating new repositories be disallowed via remote access? Another question I asked some time ago on this list: Is --allow-root evaluated for "cvs server" in the current development version, or is it at least on the todo list? Stephan _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs