Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to email@example.com.
Hi all. I'm trying to set up cvsnt on a win2k box and have been reading a lot on the subject lately, but still have a few questions regarding security issues. As the server will eventually be accessible over internet, I need to get it right. Currently installed is cvsnt 2.0.47, with the command line client, server components + setuid lsa helper, RCS emulation (needed?), SSL (:sserver:) protocol + CA certificates, and readme/help files. To secure myself from remote exploits due to bugs in cvsnt, I've made a new user account, 'cvsadmin', for running the service. It belongs to the guest group for write access to /temp folders and read access to the cvsnt executables, (Should have access to /temp as needed, with a default w2k-server setup, or?), and has full access to the repository. To add a (the first) user, I just create the passwd/admin files with no passwd/nt-user in 'passwd'. Will of course have to add a password once things get going. Then to securing the system.. I figure I'll need to create a second account for this, 'cvsuser', with restricted access rights. It shouldn't need even read access to passwd/admin, so I add deny clauses for both of those in the ntfs acl's. Maybe I could even deny all access to the CVSROOT directory, or will that stop things from working? And for this to work, every single user account created has to be on the form "<cvslogin>:<password>:cvsuser" ? If i forget about the 'cvsuser'-account-part, they'll essentially have admin access? (or at least be able to read 'passwd'/'admin'?) As I'm new to both CVS and windows security, in other words don't have a clue what I'm doing, this probably isn't the best approach, and may not even be working correctly. Any feedback appreciated, Tore _________________________________________________________________ MSN Life Events gives you the tips and tools to handle the turning points in your life. http://lifeevents.msn.com