--- Brandon Craig Rhodes <[EMAIL PROTECTED]> wrote: > Chris Palmer <[EMAIL PROTECTED]> writes: > > > Under [the pserver] model, is all access > controlled solely via the > > unix system permissions, or can I also control > things with the > > CVSHOME/readers, writers, passwd files? I am > hoping that these are > > still used by CVS even if I'm not using the > pserver authentication > > system. > > Coming in through ssh normally dodges the CVS access > control files. > Imagine how annoying this would become if your site > wanted to offer > both ssh and pserver password access - you would > have to duplicate the > same set of permissions in your Unix filesystem > hierarchy and in the > `readers' and `writers' files! > > If you are comfortable patching your CVS server, > this is easy to > change. The `readers' and `writers' files are > consulted by the > server.c:check_command_legal_p(...) function > whenever the variable > `CVS_Username' is set - which normally occurs only > when using pserver, > when it finds an alias in the `passwd' file. But > you can simply > rewrite the function to use the user's login name > instead if it finds > that `CVS_Username' is unset - this way, when he > comes in through ssh, > he will still be searched for in `readers' and > `writers'. > > If you are willing to run such a modified server, > but cannot write > this patch on your own, let me know and I will write > and post a patch > to do it this evening.
In the end, the OS still controls permissions to the repository. IOW, if file system permissions haven't been set for the user, no matter what CVS says, the user will not be able to access the repository. If, OTOH, one decides to turn on permissions for everyone, then, yes, CVS can control permissioning to the repository *assuming everyone comes in through CVS*. So, in order to use this patch, one'll have to leave a big, gaping hole in the security of the repository. HTH, Noel __________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
