On Mon, 2 Apr 2001, Larry Jones wrote:
> Jan Grant writes:
> >
> > I'm a bit stumped as to where patches for this should go. We're looking
> > at running CVS here using :ext:-mode access and ssh, and using sshd's
> >
> > command="cvs --allow-root=/blah server"
> >
> > option to limit people to only runing CVS.
>
> Since sshd ends up running as the real user, why don't you just use Unix
> permissions to restrict people to the appropriate repositories?
In riposte, can I ask: why does pserver need --allow-root?
(a) defense in depth; (b) paranoia; (c) it's simpler; (d) there's a
limit to the number of groups that a person can be in*.
jan
* Yes, it's a real problem.
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 [EMAIL PROTECTED]
__/\____/\_____/\____/|_____________________________________ flatline
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
