-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Connors <[EMAIL PROTECTED]> writes:
> > cvs --version > Concurrent Versions System (CVS) 1.12.1 (client/server) > > I am on a network, and I have my own private repository which I share with > no-one. All the ,v files, and the checked out files, are owned by me. > > There unfortunately happens to be a shared repository on the same network, > and hence a cvsadmin group. I only access my repository using local file > access, and ssh. Since I have no need to be a member of the shared > repository, I am not a cvsadmin member. The repository owner (you) have complete control over what folks in a non-cvsadmin group are able to do. Add a UserAdminOptions=ibcaAeluLUnNmostIqxVk line to your CVSROOT/config file and you should be able to use all of the cvs admin options available without being a cvsadmin group member. > Why then, does cvs check to see whether I am a member of cvsadmin, despite > me having permissions to the files anyway? Because after a user does a checkin to the repository, they will own all of the files in the repository, so that is not a sufficient guarentee that they are permitted to do administration on the repository. > This is a useless security measure, if it is one, because I can either > hack cvs myself, or I can simply take to the ,v files with a > chainsaw^Weditor. It is not useless as it requires shell access to the repository which is not always granted by all cvs administrators. You can 'hack' cvs yourself by creating your own executable with the ./configure --without-cvs-admin-group or by using your own special group ./configure --with-cvs-admin-group=mygroup if you wish to create your own cvs executable. However, I suggest the administrator of the other repository will be unhappy with you if you use your own cvs executable on the shared repository. > Is it just a case of forgetting to turn off the test when accessing over > non pserver etc methods? No, it is not. -- Mark For further reading consider the following documentation. https://www.cvshome.org/docs/manual/cvs-1.12.11/cvs_16.html#SEC132 https://www.cvshome.org/docs/manual/cvs-1.12.11/cvs_18.html#SEC205 UserAdminOptions=value Control what options will be allowed with the cvs admin co section admin--Administration) for users not in the cvsadm value string is a list of single character options which s If a user who is not a member of the cvsadmin group tries cvs admin option which is not listed they will will receiv message reporting that the option is restricted. If no cvsadmin group exists on the server, CVS will ignore UserAdminOptions keyword (see section admin--Administratio When not specified, UserAdminOptions defaults to `k'. In o defaults to allowing users outside of the cvsadmin group t admin command only to change the default keyword expansion As an example, to restrict users not in the cvsadmin group admin to change the default keyword substitution mode, loc unlock revisions, and replace the log message, use `UserAd -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFCLII+3x41pRYZE/gRAqttAJ9FPHN2O1k4zI7FbFsyLUQvJyd/iACfUEIx 5fE5jsHl3pZs+50ApJk3xx8= =bov2 -----END PGP SIGNATURE----- _______________________________________________ Bug-cvs mailing list Bug-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/bug-cvs