Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

CVS Security

Posted on 2004-11-02
6
Medium Priority
?
389 Views
Last Modified: 2010-04-20
I need to allow certain users the ability to read and write some modules in CVS, while being restricted from reading the rest, or certain others.

Does anyone know of a way to accomplish this?
0
Comment
Question by:Chireru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 2

Expert Comment

by:ITG-SSNA
ID: 12474886
One was is to set the CVS daemon (part of xinetd) to require a PAM authenticated password, meaning they have to be a user on the system before being added as a CVS user in the cvs.allow files. In this way, you can assign different un*x style groups in the server settings, use CHMOD to attribute the source trees, and if they try to check out a module they don't belong with, then they will get permissions denied errors from CVS.

I found WinCVS handy in this respect as it inherently supported mapping multiple users. http://www.wincvs.org/

Let me know if this helps you.

Highest regards,

~K Black
Irvine, Ca.
0
 
LVL 5

Author Comment

by:Chireru
ID: 12475204
That's an idea, however, I'd like to try to keep it on the pserver protocol.  If I were to implement that, I would use CVS over SSH, which would force the authentication.

I may end up going that way, but I've also found this, which allows ACLs to be set:
http://cvsacl.sourceforge.net/

I'm still looking for ideas though, the easier to maintain and implement, the better.
0
 
LVL 5

Author Comment

by:Chireru
ID: 12475231
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 2

Expert Comment

by:ITG-SSNA
ID: 12475345
Can't you just add a line in the config file of the CVSROOT dir like

SystemAuth=no

And then use 'passwd' flatfile auth within the CVS Tree (somewhat like .htaccess)?

[root@mail CVSROOT]# ls
checkoutlist    config,v       Emptydir/  modules,v  rcsinfo,v  verifymsg,v
checkoutlist,v  cvswrappers    history    notify     taginfo
commitinfo      cvswrappers,v  loginfo    notify,v   taginfo,v
commitinfo,v    editinfo       loginfo,v  passwd     val-tags
config          editinfo,v     modules    rcsinfo    verifymsg

[root@mail CVSROOT]# cat passwd
dkwan:ZPpGYyHjL/Jpk:dkwan
sangam:XTzBWBOINS1Tc:sangam
admin:OLFbiCvHcxFe6:admin
sunlux:BD.QTI/uLaaP2:sunlux
[root@mail CVSROOT]#

The cvs passwd file knows crypt and md5 passwords I get from the
/etc/shadow file.

Regards,

~K Black
Irvine, Ca.
0
 
LVL 5

Author Comment

by:Chireru
ID: 12476701
It looks like the passwd file would be per-repository, which means that I can't restrict it per-module..
0
 
LVL 2

Accepted Solution

by:
ITG-SSNA earned 1500 total points
ID: 12476860
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question