--- Mark <[EMAIL PROTECTED]> wrote:
>
> --- Noel Yap <[EMAIL PROTECTED]> wrote:
>
> > Huh? From my experience, there is no maintenance of
> > the SGID bit -- just set it and forget it (can I be
> > sued for using this phrase? :-)
>
> I prefer users not have write access to the physical repository filesystem or
> have the repository dictate requirements on the user for access, such as
> requiring an OS account or belonging to a specific group (especially as
> developers come and go between groups in the company). Maybe there isn't a lot
> of maintenance setting up a SGID setup, but I prefer not to have to mess with SGID
> setups, personal preference I guess.

This part is a personal preference. OTOH, if one is talking about security and hackability, accountability and traceability cannot be discounted. Using pserver eliminates any chances of accountability and traceability which means that it is insecure and hackable.

> > Moreover, since pserver doesn't run as the user,
> > traceability is compromised. Somehow, pserver has to
> > know who is doing a checkin. This information has to
> > come from the client. Wouldn't clients be able to
> > spoof a username?
>
> Don't know how to spoof a username, but all actions in the CVS repository are
> attributed to the logged in user, not to the non-root pserver account.

How is this done? In the end, it's up to the client to transfer that info over to the server.

> I know
> this isn't the absolute most possible secure setup of CVS, but the setup is on
> an intranet and users are trusted. I think this setup is sufficient to keep
> honest people honest.

I agree. OTOH, the original poster was asking for some way to limit the hackability of the repo.

Noel

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
