Classification: UNCLASSIFIED > -----Original Message----- > From: Pankaj Garg [mailto:[EMAIL PROTECTED]
> SSH. To use SSH i > need to make shell accounts for those two users. yes and no. if their repository permissions are the same then make a fake shell user to represent the persons and then put their keys in authorized_keys. I have any number of persons that have RW to a tree but on the CVS server I only have one account that owns the files. I know who connected from the ssh logs. Yes it might be really nice to know inside of CVS who was doing what and when but for what I'm doing, it doesn't matter and simplicity is more desirable. Not to mention like another thread that just popped up you can't check out what some bloke did, only by time so knowing the identity of the actor is somewhat debatable. > have shell account and have write access to my repository, they can > essentially login in my CVS server box and do an rm -fR on my whole > repository. Is there a way to prevent this? others have mentioned using ssh's tricks (~/.sshrc or something like that). setting a shell to /bin/false keeps interactive access off but as I just tested to make sure, doesn't actually allow you to run "cvs server" or anything else for that matter. You need a limited shell script. I wrote one that basically invokes 'cvs server' after setting up some environment particulars first. It works fine. _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs