-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pankaj Garg <[EMAIL PROTECTED]> writes:
> I wonder why do we not CVS has a server which run with SUID (Super > User ID) and only it can access repository. Other users can login via > SSH, verify their credentials with our CVS Server and ask CVS Server > to carry out their requests. They can request normal repository > operations based on their privilege. This new CVS server will give > much better control because we can set minute details of permissions > on repository and files inside it. In fact we can have just One > repository in all and host multiple projects under it and give control > of these projects to different group of people. > > Whats stopping people from implementing this? You should be able to implement it if it will meet your needs. Something like the second-to-last paragraphs of this message: http://mail.gnu.org/archive/html/info-cvs/2004-01/msg00163.html is posible. I know of a site that runs cvs as a set-gid 'cvs' program wherein all of the files and directories are in group 'cvs' as an aid to avoid accidental deletion. A set of periodic jobs gets run as root to chown the files all to user cvs. No real users are in group cvs and the cvs user does not have a real password. No file in the repository has world read or write permissions. Additional protection may be found by making the parent directory for the repository is only visible to members of the 'software' group for the software repository. So, this means that only members of the 'software' group would be able to run the set-gid cvs executable to do any cvs operations at all. Enjoy! -- Mark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFAIDDO3x41pRYZE/gRAmNGAJ9+6wBMVW6lIxBGiHRsZc1ODtwFEgCfcTp4 /bzSvuptRQBRKkW/dEMtIgY= =t7dG -----END PGP SIGNATURE----- _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
