On Thu, 24 Jan 2002, Greg A. Woods wrote:

> > When someone uses shared accounts, they throw away Unix
> > security. Maybe that's your point, but on the other hand
> > Unix security is not needed in many carefully controlled
> > situations.
>
> No, they throw away any and all possibility of
> accountability, especially with CVS. Period.

Hi Greg,

You obviously have very strong feelings about this... Can you help me understand specifically what risks are involved? These are the precautions I'm taking:

- The CVSROOT directory is read-only, so customers can't add their own users without going through me, nor can they set up wrappers.
- CVS runs as the user(s) specified in the CVSROOT/passwd file. Each repository gets its own user, that does not have access to any other repository.
- The client-server traffic is protected with SSL.
- I am in the process of setting up a chrooted jail (or jails) on the server, to keep CVS from accessing any other directories.

What am I missing? What other sorts of security issues do you see?

Thanks,

- Michal
http://www.sabren.net/
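
A small audit of the setup described in the message above, added here as an example and not part of the original post: it checks one repository's CVSROOT/passwd against the one-system-user-per-repository rule and lists which CVS logins run as that single user. The file contents, the `cvs_acme` user and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample of one repository's CVSROOT/passwd
# (format: cvs_login:crypt_hash[:system_user]); hashes are placeholders.
SAMPLE_PASSWD = """\
alice:HASH_PLACEHOLDER_1:cvs_acme
bob:HASH_PLACEHOLDER_2:cvs_acme
carol::cvs_acme
dave:HASH_PLACEHOLDER_3
eve:HASH_PLACEHOLDER_4:cvs_other
"""


def audit_passwd(text, repo_user):
    """Return (login, finding) pairs for entries that break the described setup."""
    findings = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = raw.strip().split(":")
        login = fields[0]
        password = fields[1] if len(fields) > 1 else ""
        system_user = fields[2] if len(fields) > 2 else ""
        if not password:
            findings.append((login, "no password set"))
        if not system_user:
            # Without a third field the server runs as the login name itself.
            findings.append((login, "no system user mapped"))
        elif system_user != repo_user:
            findings.append((login, "maps to " + system_user))
    return findings


def logins_sharing(text, repo_user):
    """List the CVS logins that all run as the repository's one system user."""
    rows = [l.strip().split(":") for l in text.splitlines() if l.strip()]
    return sorted(r[0] for r in rows if len(r) > 2 and r[2] == repo_user)


def has_write_bits(path):
    """True if any owner/group/other write bit is set on path (mode bits only)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))


if __name__ == "__main__":
    for login, finding in audit_passwd(SAMPLE_PASSWD, "cvs_acme"):
        print(login, "->", finding)
    print("share cvs_acme:", logins_sharing(SAMPLE_PASSWD, "cvs_acme"))
```

`has_write_bits` looks only at permission bits, so it is a first check on a read-only CVSROOT directory, not proof that the server's user cannot write there.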
