[Cvsnt] aliasing as Admin

Bo Berglund Bo.Berglund at system3r.se
Mon Mar 18 17:05:43 GMT 2002

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

Arvind,
I was not aware that you were running the server with ntserver protocol only.
Recently all the discussions seem to have centered on pserver problems so I
assumed that this was what you were asking too. Win ntserver it is much simpler!

But first let me clarify the admin business, I did not refer to the cvs admin
command in my postings, I was only talking about the CVSROOT/admin file which
presumably controls who has rights to change the password of others etc. This
I have not testsd myself though, because i am using only ntserver at work (where
there are more developers than myself).

So security in a CVSNT system with ntserver protocol only:

1. The whole repository must be on NTFS file system
2. Create two NT user groups, call them CVSUsers and CVSAdmins
3. Check out CVSROOT from the repository
4. Open the config file and add this to the file: LockDir=D:/CVS/LockDir
   (Of course set the directory location to some position on your server)
5. Create the directory mentioned in the Lockdir parameter and set permissions
   to full control for everyone
6. Save and commit the config file
7. Set the permissions for CVSUsers on the CVSROOT dir and all files to read only
8. Set the permissions for CVSAdmins to full control
9. Remove all other permissions except SYSTEM and possibly Backup from the dir
10. Add your users to the two groups according to roles

Now you should have a situation where the CVSAdmins are the only persons able to
commit any changes to the CVSROOT files and also thus able to change the passwd
file. (But this file should not be accessible directly to anyone since you should
place your repository on a separate disk partition on the server with no shares
defined...). When others try the cvs passwd command it should fail.

The Lockdir setting moves the write activity for normal operations out of the
CVSROOT directory and I think it is needed for some file operations inside the
CVSROOT directory. In any case you need this if you want to run the CVSWeb server
for repository browsing.

/Bo


-----Original Message-----
From: Arvind Raman [mailto:arvind_raman_tech at yahoo.com]
Sent: den 18 mars 2002 15:24
To: Bo Berglund
Cc: CVSNT
Subject: RE: [Cvsnt] aliasing as Admin


Hi Bo and others,
Well I have still not been able to settle the
administrative rights issue on the database and to my
misfortune also found the following mentioned in the
"Cederqvist" manual: "On NT, the cvsadmin feature does
not exist and all users can run cvs admin."
Is there a work around it? Does this mean there can be
no administrator for a CVS database setup on a NT
server.
As you said Bo I did create a "admin" file in the
CVSROOT directory. I am using the ntserver protocol
and use the network PDC (Primary Domain Controller)
for authentication. I am sure that the client server
setup is correct for I am able to do all the day to
day work free of any hassles. It is in this
environment that I want administrative rights on the
database. What I can think of as of now is to be the
sole user to have NTFS write permissions to the
CVSROOT directory. I am not sure of the other issues
that this might arise. Would it be possible for the
other users to contine their normal activities without
having any permissions (read, write whatsoever) to the
CVSROOT directory.

Thanks and regards
Arvind

--- Bo Berglund <Bo.Berglund at system3r.se> wrote:
> OK, this is a security file like passwd so it is not
> among the files that
> get created automatically and which are checked out
> when you cvs co CVSROOT.
>
> You must use your favourite editor and create a file
> by this naem yourself.
> Put a list of names (one each line) like in the
> passwd file, except only user
> names are needed here.
>
> Save as CVSROOT/admin
>
> /Bo
>
> -----Original Message-----
> From: Arvind Raman
> [mailto:arvind_raman_tech at yahoo.com]
> Sent: den 18 mars 2002 11:57
> To: CVSNT
> Subject: RE: [Cvsnt] aliasing as Admin
>
>
> Hi
> I went thru the list of files under the CVSROOT
> directory but couldn't find a file named admin.
> I even enabled the "show hidden files option" but
> still couldn't find the admin file.
> I am not sure what needs to be done to get
> administartive priviliges on the database.
>
> Thanks and regards
> Arvind
>
>
>
> --- Bo Berglund <Bo.Berglund at system3r.se> wrote:
> > I am not really sure about that, but I have seen
> > mention of a special
> > file CVSROOT/admin which contains a list of users
> > who are granted the
> > permission to operate as repository admins and
> thus
> > add/modify the
> > passwd file.
> > If this is so I guess that by adding the intended
> > users to such a file
> > should do the trick.
> >
> > This comes from a recent post by Tony Hoyle,
> talking
> > about the admin file:
> >
> > "Looking at the current code it seems to require a
> > linefeed at the end of
> > the last name (otherwise it misses it).  That's a
> > bug that'll probably
> > end up as a FAQ if I don't fix it :-)"
> >
> > /Bo
> >
> > -----Original Message-----
> > From: Arvind Raman
> > [mailto:arvind_raman_tech at yahoo.com]
> > Sent: den 18 mars 2002 08:11
> > To: Cvsnt at cvsnt.org
> > Subject: [Cvsnt] aliasing as Admin
> >
> >
> > How do we create an administrative login for a CVS
> > database.
> > Is there a way on setting that "an user and only
> > this
> > user" could have administrative rights on the
> > database. For instance he is the only person who
> can
> > add and delete users and change passwords for the
> > users.
> > Early today in Bo Berglund email I read that one
> > could
> > alias as an admin. Could anybody elaborate on
> that.
> >
> > Thanks
> > Arvind
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Sports - live college hoops coverage
> > http://sports.yahoo.com/
> > _______________________________________________
> > Cvsnt mailing list
> > Cvsnt at cvsnt.org
> >
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Sports - live college hoops coverage
> http://sports.yahoo.com/
> _______________________________________________
> Cvsnt mailing list
> Cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs


__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/
_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs

More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook