Table of Contents
A remote cvsnt repository can be set up to have its own security system outside of the standard security provided by the system. See also information about the chacl and chown commands, and the CVSROOT/admin file.
First setup the server normally. Changing the base path as described in the section called “Using repository aliases” can be very convenient. The command should run as the user that owns the repository (not root). Use the RunAsUser setting for this.
On Unix systems setting a the Chroot variable is recommended also.
To lock down the access to the repository by default set the AclMode setting in the CVSROOT/config to 'normal'. This will stop anyone accessing the any file unless they are specifically granted access by an access control entry
On a secure system it is recommended that pserver is not used, as it sends its passwords in a trivially decryptable form. On Windows systems use encrypted SSPI, and on Unix ssh is recommended.