>  >> I am trying to set up a single cvs server to serve multiple (10+) repositories
>  >> (via "pserver").  From the info page, I am apparently supposed to have one 
>  >> "--allow-root" line per repository, but that exceeds inetd's internal line 
>  >> limit, and the solution of having inetd call a shell script seems crufty.
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>  
>  I am aware of that solution, but like I said I think there is a cleaner, 
>  simpler way to do it.  Someone wrote me back privately to tell me that they 
>  had submitted a similar patch for this earlier, only to have it rejected (He 
>  has not yet gotten back to me as to why it was rejected).  Is there some other 
>  issue I am missing here as to why people are against this?

Hi, 

some months ago, there was an --allow-list thread on this issue in
this list. Perhaps you can find it at egroups.com. I also had the
idea to make this --allow-root-list patch but I didn't start that work
because I don't want to run a branch of the official distribution, and
the support for this solution has been too weak.


Indeed, there was another issue involved: There appears to exist quite
a large fraction in the CVS community which believes that pserver
access is inherently unsafe because any write access to the cvsroot
directory allows root access to the system. While, sadly enough, this
is true, there is a dispute about how much CVS should care about
security (which appears to be quite a big chunk of work). There are
people who say that security should be granted by other means,
e.g. ssh. It seems to me that this implies the tendency not to
support pserver development.

To me, the open problem remains: 
1) I want to set up a dedicated CVS server for approximately 20 repositories
   managed by possibly different people.
2) The repository managers (as myself too) do not have root access, but they
   want to control to a larger or smaller extent the access of other
   people (inside and outside of our domain) to
   their repositories without interfering with the sysadmin. Ideally
   in a fine-grained way -- on a per-user and per-directory basis.
3) I would like to run jCVS as a GUI for the vanilla user.
   This is inherently bound to pserver.


I am still thinking about the right compromise. It would be good to have
a flexible and at the same time secure CVS setup as one aim of code
development.



Juergen


Juergen Fuhrmann             Numerical Mathematics & Scientific Computing
               Weierstrass Institute for Applied Analysis and Stochastics
   Mohrenstr. 39 10117 Berlin    fon:+49 30 20372560   fax:+49 30 2044975
http://www.wias-berlin.de/~fuhrmann        mailto:[EMAIL PROTECTED]
