[cvsnt] ACLs, permissions, readers/writers, etc
cvs at yellowradio.com
Mon Aug 23 17:14:12 BST 2004
> You don't want group under version control, for the same reason you
> don't want passwd under it... it basically allows anyone who gets commit
> access to CVSROOT full access to your machine.
Just to hopefully clarify:
If a user has commit access to CVSROOT they can do what they like with
the group and passwd files etc, regardless of whether they're under
version control or not. All a user need do is add the file as a new
file, include it in the checkoutlist, then the server-side file will be
replaced with the user's file when they commit.
Write access to CVSROOT needs to be locked down to administrators, and
the decision as to whether to place a CVSROOT file under version control
should be based on whether you want users to be able to read it, not
whether they should be able to write to it.
If technology doesn't seem like magic,
it's probably obsolete.
More information about the cvsnt