-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sensei <[EMAIL PROTECTED]> writes:
> I'd like to make the cvs repository for our department accessible by > anyone, but keeping the ssh connection. Good choice. > In other words, is it possible to make a user anonymous with group > anonymous read via ssh the repository, this belonging to root with > group cvs. Yes, but it would be better to hae a LockDir which uses group permissions of users that can both read and write and the group in your repository should be for only those members who are allowed to do write operations. > I'm trying to do this, but anonymous can't get a lock over the cvs > repository, since it doesn't belong to the cvs group. > > How should I do? Create an anoncvs user. This user is in NOT in group cvs (which is allowed write access), but is allowed to create locks via the directories in LockDir which may have world-write access and anoncvs also has a private SSH key for which you publish the public SSH key. The authorized_keys file uses the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs server" mechanism to allow only cvs commands to be executed. Here is an example of how to do it: http://www.kitenet.net/~joey/sshcvs/ The basic idea is that anyone can write into your LockDir, but not your repository. Good luck, -- Mark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFAn77I3x41pRYZE/gRAn0YAKCpu+1oUbkPZWyw527Sfd/NsUGOEgCdGB/C S0wOg6ohKq1fQx1mKQO4Iv0= =K3Gb -----END PGP SIGNATURE----- _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
