--- Mark <[EMAIL PROTECTED]> wrote: > > --- Brandon Brinkley <[EMAIL PROTECTED]> wrote: > > > 1. Can CVS be made more hack-proof (e.g. owner > permissions on RCS files in > > the CVSROOT)? > > create a pserver account, a cvs admin account, a > cvsrepo group and put only > those two accounts in that group. run pserver as the > non-root pserver account, > create repos (775) with the cvsadmin account. now no > accounts but these two > accounts have access to the physical CVS repository > structure. When you create > the repo, chmod 755 the CVSROOT directory. All users > must now use CVS (in > pserver mode) to change anything in the repository, > you can use the cvs admin > account in local mode to change CVSROOT. Sure you > hav eto maintain a passwd > file, but I find that easier that maintaining a > sticky bit/SGID/group balance > in the repository.
Huh? From my experience, there is no maintenance of the SGID bit -- just set it and forget it (can I be sued for using this phrase? :-) Moreover, since pserver doesn't run as the user, tracability is compromised. Somehow, pserver has to know who is doing a checkin. This information has to come from the client. Wouldn't clients be able to spoof a username? Noel __________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
