Hi, I had the same problem some time back. Following is the way I have my repository working now.

OS: Unix (actually it is an NFS-mounted volume, and I am sure someone here will say DON'T DO THAT :-p)
CVSAdmin: One Unix user and one Unix group (say cvsadmin:cvsadmin for now)
Repo Permission: drwxrwx--- (only allow cvsadmin:cvsadmin)
CVS bin: setgid "cvs" binary, setting permission as user:cvsadmin

Since the repository is under cvsadmin:cvsadmin, no one can read/modify data. Only this cvs setgid binary can extract or modify files.

I allow checkout by anyone. For committing changes I have added a checkin script (in Perl) that does the necessary ACL check. It checks the username and whether that user is allowed to check in or not. Voilà, problem solved :-p

This is for Unix users. I am trying to work on wincvs now as well, but it sure will take some time.

I sure need input on the Unix solution from you people, for possible hacks that users may use to do any harm. I know NFS itself can do some harm, so I have made users wait for, say, 20 seconds before the changes will be reflected in cvs properly.

Regards,
Vishal Jain

-----Original Message-----
From: Dustin Cavanaugh [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: How 2 Secure the repository?

Environment: cvs 1.11.1p running on unix. Clients are mostly wincvs1.13.7+ (in-house modifications to prevent password display on the screen), plink for ssh connection. Developers have valid login on unix server and are members of the cvs and users groups.

How do I protect the repository from developers modifying or deleting code directly without using cvs? Any protection scheme we've been able to think of either locks them out completely or has loopholes.

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
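
The commit-time ACL check described in the reply above, sketched as an added example; it is not the poster's Perl script and not part of the original thread. It assumes the script is run from CVSROOT/commitinfo (which passes the target directory as the first argument), and the ACL file name, its format and the /cvsroot path are hypothetical.

```python
"""Commit-time ACL check, default deny (added example, hypothetical ACL format)."""
import os
import pwd
import sys
from pathlib import PurePosixPath

REPO_ROOT = "/cvsroot"                     # assumption: repository location
ACL_FILE = "/cvsroot/CVSROOT/commit_acl"   # assumption: hypothetical file name

# Constructed sample ACL: "<directory under the repo root>: user[,user...]"
SAMPLE_ACL = """\
src/lib: alice,bob      # comments run to end of line
src/lib/crypto: alice
docs: carol
"""

def parse_acl(text):
    """Return {PurePosixPath: set of users}; blank lines and # comments are skipped."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            path, _, users = line.partition(":")
            acl[PurePosixPath(path.strip())] = {u.strip() for u in users.split(",") if u.strip()}
    return acl

def is_allowed(user, directory, acl):
    """The most specific matching entry decides; no matching entry means deny."""
    target = PurePosixPath(directory)
    if target.is_absolute() or ".." in target.parts:
        return False
    # Compare whole path components so "src/library" never matches "src/lib".
    matches = [p for p in acl if p == target or p in target.parents]
    if not matches:
        return False
    return user in acl[max(matches, key=lambda p: len(p.parts))]

def main(argv):
    # Real UID, not $USER or $LOGNAME: the caller controls its own environment.
    user = pwd.getpwuid(os.getuid()).pw_name
    directory = os.path.relpath(argv[1], REPO_ROOT)  # argv[1]: directory being committed to
    with open(ACL_FILE) as fh:
        allowed = is_allowed(user, directory, parse_acl(fh.read()))
    if not allowed:
        print(f"commit to {directory} denied for {user}", file=sys.stderr)
    return 0 if allowed else 1   # non-zero exit makes cvs abort the commit

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A setgid binary changes only the effective group, so the real UID still identifies the developer who ran cvs.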
