Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to email@example.com.
Cheok Yan Cheng wrote: > When I setup CVSNT server, 2 objectives in my mind: > > (1) Users (except root) should not have read/ write > permission to the CVS repository through remote > control (for example, telnet) > > (2) However, users can checkout/ checkin the files to > CVS repository through CVS pserver. (by using tortoise > cvs) > > For (1), I can just simply set the CVS folder to chmod > 700. However, by setting the CVS respository to 700, > this will break (2). User can no longer checkout/ > checkin files to CVS repository through CVS pserver > > The simplest solution is to disable telnet feature. > However, we do not want to do so. We want the user to > have the ability to remote control, in order to > perform other operations. > > Any advice for achieve (1) and (2) at the same time? > Create a user (and group, possibly) for cvs. chown the repository to this user, and chmod 700 the directories (and 600 for the files). Then in the PServer file set RunAsUser to this user. The server will always setuid to that user to access the repository, so remote users will be able to work, but local users will have no access. The downside is this breaks local access to the repository and (by extension) ssh access, since ssh doesn't have a mechanism for changing the user it impersonates... since ssh and telnet are equivalent, permissions wise, you can't have one without the other. Tony