Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
cvsnt-bounces at cvsnt.org wrote on 10/20/2006 10:35:50 AM: > Hmm... "unless you are doing something extremely dumb..." > Reason: the box is *not* dedicated, every user will have shell > access to the machine, I need this feature for other purposes. > > Remember: It's a unix server, and every user will have a shell > account on the machine. They will, via their shell account, be > able to "cd /to/places" on the same file system as the > repository. Thus, I believe it is much like ":local:" This changes EVERYTHING. if they have a shell account, they can already "cd /whatever/they/want", unless you've used filesystem acl's to prevent them. the problem with CVS though, especially CVSNT, is that it's designed for use as a networked server. So all of the security bits follow this idea. If you use :local:, all of the server stuff is bypassed. you're left with whatever the filesystem ACL's can do for you. here's what you need to consider. doing a "cd /" and poking around is totally separate from anything cvs related. this should be secured in whatever way you deem appropriate. you MAY want to chroot your cvs stuff so users can't do any permanent damage to the main system. since this isn't dedicated, what else do users do on this thing besides CVS that could also be a security problem? Also, as far as CVS is concerned, remember that users will need filesystem write access in order to do commits. this basically means that they can seriously damage/modify the actual repository (the ,v files) any way that they choose. make sure they only have access to what they need to have access to, and make sure they understand that they shouldn't do something stupid like "vi somefile.txt,v" or "cvs ci -m'doing something stupid here...' somefile.txt,v". Good luck. Brian