Re: Security aspect in CVS

Wed, 24 Apr 2002 11:04:11 -0700 

[ On Wednesday, April 24, 2002 at 17:01:19 (+0530), Sumit Mandal wrote: ]
> Subject: Security aspect in CVS
>
> I have recently installed the CVS NT Server in Windows 2000 Server Edition.I am 
>using WinCVS 1.3 client.They work fine.To implement CVS at organizational level,I am 
>exploring CVS and all its features.I have the following queries from security point 
>of view :

Please wrap long lines at less than 80 characters!!!!!
(and please put spaces after punctuation marks!)

You're probably asking on the wrong list -- info-cvs is primarily about
generic CVS issues and CVS on unix.....

> How to give read access to a particular module ?

Presuming you're asking how to give read-only access to a specific
module and/or specific set of users, then I don't know if that can be
done on NT/Windoze-2K.

> How can I prevent a module to be checked out from the client end(say the CVSROOT 
>module which I do not any one to access other than the Administrator) ?

You should probably consider hosting your repository on a unix-based
server and using real system accounts for every user (and
administrator), and using SSH to access the server from "remote"
clients.....

> How can I prevent a particular file to be checked in by a user, in cases where we 
>want to restrict check-in ?

If your repository were hosted on unix then you could control access to
all the files in a given directory based on the group membership of the
users.....

> I am using pserver protocol.

There is no security in the pserver protocol (or the server
implementation) beyond what's minimally necessary for anonymous
read-only access to CVS.

> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>


Please DO NOT EVER send HTML, rich text, or otherwise stylized e-mail,
especially not to me or to any public mailing list.  Not all mail
readers will recognize such formats.  HTML in particular is a potential
security threat and many firewalls filter it entirely -- especially
since CERT and Microsoft recently anounced a very major flaw in the HTML
rendering engine used in all Microsoft products.  Please send all your
messages as plain text only.



-- 
                                                                Greg A. Woods

+1 416 218-0098;  <[EMAIL PROTECTED]>;  <[EMAIL PROTECTED]>;  <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; VE3TCP; Secrets of the Weird <[EMAIL PROTECTED]>

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Reply via email to