[cvsnt] Re: How protect CVSROOT
Tony Hoyle
tmh at nodomain.org
Tue Feb 25 21:58:42 GMT 2003
Zioowo wrote:
> Hi,
>
> I would like to protect CVSROOT folder in my repository.
>
> I give NTFS permissions for users (read, read & execute, list folders),
> but clients recieves: "permission danied for history file" and some
> options doesn't work good (for ex. update by tag)
>
> When I give write permission to CVSROOT all is working good, bur users can
> change my admin files such as config, loginfo, notify ....
Your repository shouldn't be available on a network share - basically hide
it so only administrators can get at it (assuming the users can't log into
the box directly).
If you don't even want anyone to have commit rights you can lock down the
permissions then set LockDir or LockServer appropriately.
Also you can switch off impersonation and only give rights to LocalSystem,
which works in the case that you can't reasonably deny access any other way
(be aware though that this also causes scripts to run as LocalSystem which
may be a security risk).
> CVS: 1.11.1.3 beta 3 (build 44)
That's really ancient... I'd strongly suggest you upgrade.
Tony
More information about the cvsnt
mailing list