I haven't been following this thread so forgive me if I repeat anything. Along with standard file system permissioning, you may want to see if your file system supports ACLs (man setfacl and getfacl for more info). Also, if you use SSH, you can limit the server to CVS access only (see SSH docs on how to do this), thereby preventing direct access to the repo. Noel Hugo van der Merwe writes: > > Now I wonder, as any of those users can modify any file in this > structure, is "trust" the only way I can stop them from messing with my > other projects? The way you have things currently set up, yes. > (Must I create a second repository with different "group > ownership" for this?) You don't have to go that far -- you can set the ownership of different directories in a single repository so that only users in a particular group can read and/or write them. > Secondly, with any user being able to modify > CVSROOT, as what user does the commands get executed, e.g. commit mails > from commitinfo... these run as the user doing the commit I assume? That's correct. > That > means any user can cause any other user to run an arbitrary command as > himself... ? That's also correct. But CVSROOT is just a directory like any other directory -- if you change it to be owned by a different group and only give that group write privilege, then only memebers of that group will be able to change the files in it. -Larry Jones I keep forgetting that rules are only for little nice people. -- Calvin _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase & Co., its subsidiaries and affiliates. _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
