[cvsnt] Re: How to restrict access to the admin command? (was: How to estrict access to the admin command?)

Gerhard Fiedler lists at connectionbrazil.com
Mon May 31 11:34:52 BST 2004


> I'm running a cvsnt server on a Win2k machine, using the sspi protocol, and
> would like to restrict access to the admin command.
> 
> I have tried to create admin and passwd files, I have tried to set
> SystemAuth to yes and to no, but it seems normal users that are not part of
> the Administrators group on the server still have access to the admin
> command.
> 
> It seems there is a way to do that... What am I doing wrong?

I found the following in the cvs (not cvsnt) manual:

"On unix, if there is a group named cvsadmin, only members of that group
can run cvs admin (except for the cvs admin -k command, which can be run by
anybody). This group should exist on the server, or any system running the
non-client/server CVS. To disallow cvs admin for all users, create a group
with no users in it. On NT, the cvsadmin feature does not exist and all
users can run cvs admin."

I think I have read somewhere that with cvsnt, access to the admin command
is restricted to users that are in the Administrators group on the servers.
But this seems not to be true. On my system, any user who has access to the
repository can run admin commands. 

Thanks for any help here (I must not be the only one who wants to do
this?),

Gerhard



More information about the cvsnt mailing list