Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to firstname.lastname@example.org.
duane_ellis at franklin.com wrote: >> Forget about file system ACLs, and use simply the cvsnt ACLs. They work >> the same on Windows and Linux AFAIK. The only thing that may be >> different is where cvsnt gets the info about the users from, but there >> should be info out there about this. > > Ah.. think I must use the filesystem ACLs... > > Otherwise users can just "cd /to/the/CVSROOT" and gain access > to thinks they should not have access to. Disclaimer: IANXSA (I am no *x sys admin :) I just know a bit of *x as a user. You may think about running the cvsnt service as its own user, give it only access to what you want cvsnt to access, and prevent all other users from accessing the repository (using file system ACLs). This way nobody could run your "cd /to/the/CVSROOT" command. Access to CVSROOT would be only through cvsnt, secured by cvsnt's ACLs. Besides, you should of course block all access to the server that is not desired. So if you don't want your users to have direct command line or file system access, don't give it to them. cvs(nt) accesses the server through one specific port (2401 by default). This is the only port that needs to be open for cvs(nt) access. (There might be others needed for SSH.) Do they have to be able to run a shell on the server? If not, don't allow it. No shell, no "cd". > Unless CVSNT runs as "SETUID so-other-user" and the entire CVS > repository is non-accessable by casual "cd /to/the/CVSROOT" I'm not sure how that works on *x systems, but on Windows the cvsnt service can be set up to run as the user that connects through the client ("impersonation"). Depending on your security setup, this may be desired (you have the cvsnt processes running as the user who runs a cvsnt command -- permissions work on the individual user) or not (you have the cvsnt processes running always as the same cvsnt user -- all cvsnt access permissions are set through only one user). For example, on my Windows server I use impersonation -- but I have blocked all shell/telnet/file system/etc access. So the users, if they could log in to a shell on the box, could access some files they shouldn't, but they can't log in -- other than through cvsnt, at which point they are confined to the repository through the cvsnt ACLs. > I don't see how I can stop users from "cd /to/the/CVSROOT" and looking > around. "cd" is not a cvsnt command. Preventing users from running "cd into/something" has nothing to do with cvsnt, it seems to me. That sounds like a *x system admin question. But maybe this has been answered above. > Please understand, perhaps my understanding is clouded with the fact I've > been using standard UNIX based CVS for +12 years and I don't know > some key difference with CVSNT. One key difference seems to be that cvsnt has its own ACLs. cvs doesn't have them. So if you can restrict your users to running cvsnt (or prevent them from accessing the repository files other than through cvsnt) and use cvsnt ACLs to restrict access to repository files, you're set it seems to me. Gerhard