On Fri, Jul 21, 2000 at 09:35:49AM -0700, Stephen Rasku wrote:
> From: Pavel Roskin <[EMAIL PROTECTED]>
> >It is possible, but it may be not what you want. All modern Linux
> >distributions support PAM, so you can just disable logins and
> whatever
> >else those developers can do with that machine (ftp, rexec). It is in
> many
> >cases better than "depersonalizing" them. You still know who is who
> >without letting untrusted people in.
> >
>
> I may have mislead you. This was just something that I noticed while
> I was testing on Linux. We intend to have the CVS server on Solaris.
> I take it that Solaris supports PAM as well?
Check out http://www.loria.fr/~molli/cvs/doc/cvs_2.html#SEC29 for information
on pserver security options. You can set up a CVS-specific passwd file
in the CVSROOT directory and, e.g., use it to map all users to a generic
'cvsuser' account, which doesn't need the ability to log in. cvsuser will
then own all of the files, but commit information will still be logged
with the CVS username rather than the unix username. You might want to
even use this technique with users who have real accounts on the server,
as it will (a) keep everything owned by a single dummy user, which seems
to be what you want, and (b) allow your developers to have a CVS password
that's different from their login password (which is a Good Thing, given
that pserver logins are done in cleartext).
--
The Shortest Windows Manual: "Turn off the power switch."
Geek Code 3.1: GCS d- s+: a- C++ UL++$ P+>+++ L++>++++ E- W--(++) N+ o+ !K
w---$ O M- !V PS+ PE Y+ PGP t 5++ X+ R++ tv- b++ DI++++ D G e* h+ r++ y+
