Julian Opificius wrote: > <SNIP> > I have one more issue that affects my choice that I should have > mentioned earlier. We are working in an FAA-regulated environment, and > my CVS respository must be secure, in that nobody can impair the > lifecycle data, and all accesses must be documented and controlled, > i.e.e all accesses must be via the cvs server. This is why I chose > pserver in the first place. > > How can I maintain this level of integrity without pserver: keeping the > repository itself inaccessible, while allowing write access through cvs?
If you search the list[1] and some of the howtos you should be able to figure out how to set ssh so that the users can only execute one command on the server, that command is 'cvs'. If you are already giving them SSH access to the machine, to then run pserver, you have less accountability (and/or authentication [I can never remember which]) than if you were just giving them SSH (with no restrictions on commands), because all logs show the cvs user they are mapped to instead of the real user name (look for some of Greg A. Woods posts[2] on these matters). [1] http://lists.gnu.org/archive/html/info-cvs/ A promising hit is http://lists.gnu.org/archive/html/info-cvs/2003-09/msg00203.html [2] http://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=woods+AND+ssh+AND+pserver&idxname=info-cvs&max=20&result=normal&sort=score -- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter _______________________________________________ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
