--- Noel Yap <[EMAIL PROTECTED]> wrote:
> Huh? From my experience, there is no maintenance of > the SGID bit -- just set it and forget it (can I be > sued for using this phrase? :-) I prefer users not have write access to the physical repository filesystem or have the repository dictate requirements on the user for access, such as requiring an OS account or belonging to a specfic group (especially as devlopers come and go between groups in the company). Maybe there isn't allot of maintenance setting up a SGID setup, but I prefer not to have to mess SGID setups, personal preference I guess. > Moreover, since pserver doesn't run as the user, > tracability is compromised. Somehow, pserver has to > know who is doing a checkin. This information has to > come from the client. Wouldn't clients be able to > spoof a username? Don't know how to spoof a username, but all actions in the CVS repository are attributed to the logged in user, not to the non-root pserver account. I know this isn't the absolute most possible secure setup of CVS, but the setup in on a intranet and users are trusted. I think this setup is sufficient to keep honest people honest. Mark __________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
