>From reading the manual, I was under the impression that if I set >SystemAuth=value in CVSROOT/config to "no" then I can localize and limit user >access and no need to declare the users in system's /etc/passwd.
Thanks for the help and the links. > Date: Mon, 2 Mar 2009 13:15:54 -0500 > From: [email protected] > To: [email protected] > CC: [email protected] > Subject: Restricting users from command prompts [was: (no sub)] > > Rez P wrote, On 03/02/2009 01:03 PM: > > Hi all > > > > Is there any way to set up CVS on a Redhat Linux server so users using > > wincvs on windows client machines could use the pserver method (or any > > method) to do regular CVS transactions (ci,co,add,etc) but don't actually > > have user id/pw on the linux server and no entries in /etc/passwd? For > > security reasons we just want them to have access to the repository and not > > anything else on the linux server. > > > > Thanks > > http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#IDX87 > > http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#SEC32 > second paragraph: > "On the other hand, once a user has non-read-only access to the repository, > she can execute programs on the server system through a variety of means. > Thus, repository access implies fairly broad system access as well. It might > be possible to modify CVS to prevent that, but no one has done so as of this > writing." > > i.e., you may be (probably are) buying yourself nothing. either you trust > your users or you don't. > From what I recall you can also configure SSH to only allow certain commands > to be ran by certain users. I have never done it myself, but I understand it > is possible, and when it comes to security I would trust the SSH code more > than the CVS security code. > > Good luck. > -- > Todd Denniston > Crane Division, Naval Surface Warfare Center (NSWC Crane) > Harnessing the Power of Technology for the Warfighter > > _________________________________________________________________ Express your personality in color! Preview and select themes for HotmailĀ®. http://www.windowslive-hotmail.com/LearnMore/personalize.aspx?ocid=TXT_MSGTX_WL_HM_express_032009#colortheme
