[cvsnt] ACLs, permissions, readers/writers, etc

John Kinson cvs at yellowradio.com
Mon Aug 23 17:14:12 BST 2004


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


> You don't want group under version control, for the same reason you 
> don't want passwd under it... it basically allows anyone who gets commit 
> access to CVSROOT full access to your machine.

Just to hopefully clarify:

If a user has commit access to CVSROOT they can do what they like with 
the group and passwd files etc, regardless of whether they're under 
version control or not.  All a user need do is add the file as a new 
file, include it in the checkoutlist, then the server-side file will be 
replaced with the user's file when they commit.

Write access to CVSROOT needs to be locked down to administrators, and 
the decision as to whether to place a CVSROOT file under version control 
should be based on whether you want users to be able to read it, not 
whether they should be able to write to it.

JK
-- 
http://www.yellowradio.com/

If technology doesn't seem like magic,
it's probably obsolete.




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook