> Hi, > > I have recently installed the CVS NT Server in Windows 2000 Server Edition. I am using WinCVS 1.3 client.They work fine.To implement CVS at organizational level,I am exploring CVS and all its features.I have the following queries from security point of view : > First, please use a carriage return every 70 characters or so. Not all mail readers handle extremely long lines well.
Second, I can give you the Unix CVS answer to these questions, but they mostly depend on the Unix file system. If you want the answers for CVSNT, I would suggest going to http://www.cvsnt.org and signing up for that mailing list. > How to give read access to a particular module ? In standard CVS, this is done by the use of group permissions, with one group for each module you want to give separate access to. Everybody should be able to read a module, but only those who have write access to the directory can check in. You need to use the LockDir= option in CVSROOT/config. Note that some Unix variants have more specific ways of limiting access other than the standard everybody-group-owner permission bits; the principle is that a read-only user can read the directory (and has write permission to the lock directory), whereas anybody who can write to the directory can check in. File permissions are irrelevant (except that you have to be able to read a file to check it out). > How can I prevent a module to be checked out from the client end(say the CVSROOT module which I do not any one to access other than the Administrator) ? Don't allow anybody to have read permission on the directory. Since you probably want a "cvsadmin" group to limit use of "cvs admin", you can have CVSROOT set to that group, with no "everybody" privileges. > How can I prevent a particular file to be checked in by a user, in cases where we >want to restrict check-in ? > With a commitinfo program that grabs the user from the environment and takes the file names on the command line. Return non-zero if this file is not to be checked in by that user. > I am using pserver protocol. > In which case your security isn't strict, but is fairly easily spoofable. This may or may not be adequate for your needs. If not, get a Linux box and use the :ext: access method with CVS_RSH=ssh. David H. Thornley | If you want my opinion, ask. [EMAIL PROTECTED] | If you don't, flee. http://www.thornley.net/~thornley/david/ | O- _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
