Jeff,
Jeff Pream wrote:
What is the correct way to tighten security in CVSROOT such that some
in-house contractors would be able to check files out of some projects,
but not be able to mess with any of the cvs scripts? There are some
projects that I do not want the contractors to be able to get to, so for
these I changed group permissions on the project directories within the
repository.
What I would do is to first set the LockDir variable in the
CVSROOT/config file to somewhere world writable
(/var/lock/cvs/<repos_name> is what we use.)
Then to make it so only the user could change the files change the write
permissions on CVSROOT and its contents to be read-only for group and
others:
cd <repos>
chmod -R go-w CVSROOT
If you wanted to have more people than just the user to be able to
change those files you could define a group that those privileged users
were a member of, set the group-id of CVSROOT and its files to that
group, then just make them read-only for others:
cd <repos>
chgrp -R some_admin_group CVSROOT
chmod -R o-w CVSROOT
There are probably other approaches too, that others may chime in with.
--
----------------
Mark E. Hamilton
Orion International Technologies, Inc.
Sandia National Laboratory, NM.
505-844-7666
_______________________________________________
info-cvs mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/info-cvs
