[cvsnt] Re: Upgrading from 2.0.40 to 2.058b: Problems with permissions

Tony Hoyle tmh at nodomain.org
Mon Oct 25 15:46:31 BST 2004


Johannes Kilian wrote:
> What are the reasons that it's not  recommended to run the service as 
> another user? We've done this since we are using CVSNT (since its 
> earliest days) and had never problems with it ... What are the 
> advantages of using the CVS specific settings? I need good arguments to 
> justify the switch to your recommended method ...

It's hard to get the permissions right on another user - you end up 
giving them things like admin priviliges which is actually more powerful 
than LocalSystem (LocalSystem is limited in what it can do - for example 
it has no external network access).

If you tell CVS to switch to a user itself that user can be completely 
unpriviliged eg. Guest.  The switch is done almost immediately after the 
cvs process loads (before any user input is processed) so is completely 
secure.

Tony



More information about the cvsnt mailing list