[cvsnt] Re: problem with cvsnt 2.0.42 - rh linux 9 - login:
Bo Berglund
bo.berglund at telia.com
Wed Jun 16 23:16:07 BST 2004
On Wed, 16 Jun 2004 13:20:12 -0600, ornelyz <rnlyz at yahoo.com> wrote:
>
>cvs [passwd aborted]: Only administrators can add or change another's
>password
is your user mentioned in the CVSROOT/admin file?
>all file from CVSROOT is changed through and checkout and commit
>
It is generally a bad idea to have the CVSROOT/passwd file added to
the CVSROOT module so that it is accessible on a checkout of CVSROOT!
This practice makes the security of the CVS server NIL.
passwd should only ever be manipulated by the cvs passwd command.
And as you have noticed, only the CVS admins can change the password
of other users, so the login doing the cvs passwd command in this case
must be listed in CVSROOT/admin (which also should not be a file that
is added to the CVSROOT module).
/Bo
(Bo Berglund, developer in Sweden)
More information about the cvsnt
mailing list