Solved

CVS Security

Posted on 2004-11-02
Last Modified: 2010-04-20
I need to allow certain users the ability to read and write some modules in CVS, while being restricted from reading the rest, or certain others.

Does anyone know of a way to accomplish this?
Question by:Chireru
    6 Comments
     
    LVL 2

    Expert Comment

    by:ITG-SSNA
    One way is to set the CVS daemon (part of xinetd) to require a PAM authenticated password, meaning they have to be a user on the system before being added as a CVS user in the cvs.allow files. In this way, you can assign different un*x style groups in the server settings, use CHMOD to attribute the source trees, and if they try to check out a module they don't belong with, then they will get permissions denied errors from CVS.

    I found WinCVS handy in this respect as it inherently supported mapping multiple users. http://www.wincvs.org/

    Let me know if this helps you.

    Highest regards,

    ~K Black
    Irvine, Ca.
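
The group-and-chmod approach from the comment above, as an added example that is not part of the original thread: `lock_module` hands one module directory to a single Unix group, and `audit_modules` lists modules that other accounts can still reach. The repository path, module names and group are hypothetical, and `-perm /007` assumes GNU find.

```shell
#!/bin/sh
# Added example (not from the thread): per-module isolation in a CVS
# repository laid out as $repo/<module>/...,v with $repo/CVSROOT beside it.

# lock_module REPO MODULE GROUP
# Restrict MODULE to GROUP. Directories get setgid so new files inherit
# the group, and stay group-writable because CVS creates lock files in
# them even for checkouts. Symbolic modes keep the execute bits on ,v
# files, which CVS uses for the checked-out copy.
lock_module() {
    repo=$1; module=$2; group=$3
    [ -d "$repo/$module" ] || { echo "no such module: $module" >&2; return 1; }
    chgrp -R "$group" "$repo/$module" &&
    find "$repo/$module" -type d -exec chmod g+rwxs,o-rwx {} + &&
    find "$repo/$module" -type f -exec chmod o-rwx {} +
}

# audit_modules REPO
# Print one line per module (CVSROOT skipped) that is still reachable by
# "other" or that has a directory without the setgid bit.
audit_modules() {
    repo=$1
    for dir in "$repo"/*/; do
        dir=${dir%/}
        name=${dir##*/}
        [ -d "$dir" ] || continue
        [ "$name" = CVSROOT ] && continue
        if [ -n "$(find "$dir" ! -type l -perm /007 -print | head -n 1)" ]; then
            echo "$name: world-accessible"
        elif [ -n "$(find "$dir" -type d ! -perm -2000 -print | head -n 1)" ]; then
            echo "$name: directory without setgid"
        fi
    done
}
```

Run it as root or as the repository owner; a user outside the module's group then gets a permission error from the filesystem when checking that module out.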
     
    LVL 5

    Author Comment

    by:Chireru
    That's an idea; however, I'd like to try to keep it on the pserver protocol. If I were to implement that, I would use CVS over SSH, which would force the authentication.

    I may end up going that way, but I've also found this, which allows ACLs to be set:
    http://cvsacl.sourceforge.net/

    I'm still looking for ideas though, the easier to maintain and implement, the better.
     
    LVL 2

    Expert Comment

    by:ITG-SSNA
    Can't you just add a line in the config file of the CVSROOT dir like

    SystemAuth=no

    And then use 'passwd' flatfile auth within the CVS Tree (somewhat like .htaccess)?

    [root@mail CVSROOT]# ls
    checkoutlist    config,v       Emptydir/  modules,v  rcsinfo,v  verifymsg,v
    checkoutlist,v  cvswrappers    history    notify     taginfo
    commitinfo      cvswrappers,v  loginfo    notify,v   taginfo,v
    commitinfo,v    editinfo       loginfo,v  passwd     val-tags
    config          editinfo,v     modules    rcsinfo    verifymsg

    [root@mail CVSROOT]# cat passwd
    dkwan:ZPpGYyHjL/Jpk:dkwan
    sangam:XTzBWBOINS1Tc:sangam
    admin:OLFbiCvHcxFe6:admin
    sunlux:BD.QTI/uLaaP2:sunlux
    [root@mail CVSROOT]#

    The cvs passwd file knows crypt and md5 passwords I get from the
    /etc/shadow file.

    Regards,

    ~K Black
    Irvine, Ca.
     
    LVL 5

    Author Comment

    by:Chireru
    It looks like the passwd file would be per-repository, which means that I can't restrict it per-module.
     
    LVL 2

    Accepted Solution

    by: