[cvsnt] Re: How protect CVSROOT
Zioowo
zioowo at poczta.onet.pl
Tue Feb 25 22:40:35 GMT 2003
Uzytkownik "Tony Hoyle" <tmh at nodomain.org> napisal w wiadomosci
news:b3gor2$h6o$1 at sisko.nodomain.org...
> Zioowo wrote:
>
> > Hi,
> >
> > I would like to protect CVSROOT folder in my repository.
> >
> > I give NTFS permissions for users (read, read & execute, list folders),
> > but clients recieves: "permission danied for history file" and some
> > options doesn't work good (for ex. update by tag)
> >
> > When I give write permission to CVSROOT all is working good, bur users
can
> > change my admin files such as config, loginfo, notify ....
>
> Your repository shouldn't be available on a network share - basically hide
> it so only administrators can get at it (assuming the users can't log into
> the box directly).
>
> If you don't even want anyone to have commit rights you can lock down the
> permissions then set LockDir or LockServer appropriately.
>
> Also you can switch off impersonation and only give rights to LocalSystem,
> which works in the case that you can't reasonably deny access any other
way
> (be aware though that this also causes scripts to run as LocalSystem which
> may be a security risk).
>
> > CVS: 1.11.1.3 beta 3 (build 44)
>
> That's really ancient... I'd strongly suggest you upgrade.
>
> Tony
>
Tony, please tell more technically, how could I hide CVSROOT folder,
because my repository doesn't shared by system, users can access to cvsroot
by cvsservice.
LockDir directory already exists out of repository with read & write
privilleges for users.
Maybe 1.11.1.3 is ancient, but is stable for us :-)
Regards,
More information about the cvsnt
mailing list