[cvsnt] cvs locks vs. cvsnt lockserver, config question

Johnson, Mark Mark.Johnson2 at Ingenix.com
Fri Sep 10 19:21:18 BST 2004


Hello all,
 
I have configured a regular_cvs/Linux server in such a way that users have
write access to modules via groups (no acls).  All members of the "cvsusers"
group have read access to all modules.  Each module has a group, and only
members of this group have commit access to that module.  The users must use
the ssh connection method with cvs (via plink) and public/private key
authentication.  The cool part is that the way the users and auth key are
configured, the users can only access the machine with cvs, they cannot
login to the machine directly, and have no shell access.  Only port 22 is
open for this machine.
 
My question is this...
This is with regular cvs, not cvsnt.  I want to switch to cvsnt.  Will this
work with the lockserver?  Do I have to expose another port to the
network/internet?
 
Anyone interested in answering this may need to review this document which I
used as a guide to configure my machine (http://ioctl.org/unix/cvs/server).
 
Here is a configuration settings summary:
 
all cvs users (read only & read/write) must be members of cvsusers group
cvs users with commit rights must also be member of the group associated
with a specific module (cvstcpro in my example)
users password in /etc/shadow set to *
group permissions are "sticky" for "lock" dir, "repo" dir, and all
subdirectories in repo
LockDir=/home/cvs/lock (in cvsconfig)
 
drwxr-x---    8 cvs      cvsusers     4096 Aug 20 15:56 .
drwxrwsr-x    4 cvs      cvsusers     4096 Aug 19 15:21 ./lock
drwxr-sr-x    4 cvs      cvs          4096 Aug 19 13:33 ./repo
drwxrwsr-x    3 cvs      cvs          4096 Aug 19 16:10 ./repo/CVSROOT
drwxrwsr-x    6 cvs      cvstcpro     4096 Aug 20 11:41 ./repo/TCPro
 
authorized_keys2 file looks like:
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs --allow-root=/abs/path/to/cvs/cvsrep server" ssh-rsa hdskjfhdksjhSOME_CRAP_IN_HEREdksjshfksj= rsa-key-12345678
 

Thanks in advance for your time and advice,
 
Mark
(sorry about following message appended by company mail server)


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity to
which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified that
any dissemination, distribution or copying of this e-mail is prohibited. If
you have received this e-mail in error, please notify the sender by replying
to this message and delete this e-mail immediately.
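
Added example, not part of the original message: a Python check that each authorized_keys line carries the four restrictions and the forced `cvs ... server` command described in the post, including option values that contain quoted commas or spaces. The function names, the `/usr/bin/cvs ` prefix default, the key-type list and the sample entries are assumptions constructed for illustration.

```python
# Options the post's setup relies on; sshd option keywords are case-insensitive.
REQUIRED = {"no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")  # common types

def split_unquoted(text, seps):
    """Split on separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur] if cur else parts

def audit_entry(line, cvs_prefix="/usr/bin/cvs "):
    """Return findings for one authorized_keys line; empty list means ok."""
    fields = split_unquoted(line.strip(), " \t")
    if not fields or fields[0].startswith("#"):
        return []
    if fields[0].startswith(KEY_TYPES):
        return ["no options: key is not restricted to cvs"]
    flags, command = set(), None
    for opt in split_unquoted(fields[0], ","):
        name, _, value = opt.partition("=")
        if name.lower() == "command":
            command = value.strip('"')
        else:
            flags.add(name.lower())
    findings = ["missing " + f for f in sorted(REQUIRED - flags)]
    if command is None:
        findings.append("no forced command")
    elif not (command.startswith(cvs_prefix) and command.endswith(" server")):
        findings.append("forced command is not 'cvs ... server': " + command)
    return findings

# Constructed sample entries (key material is a placeholder, not a real key).
OPTS = "no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding"
CMD = 'command="/usr/bin/cvs --allow-root=/abs/path/to/cvs/cvsrep server"'
GOOD = OPTS + "," + CMD + " ssh-rsa AAAAconstructed= rsa-key-12345678"
WEAK = "no-pty," + CMD + " ssh-rsa AAAAconstructed= user2"
BARE = "ssh-rsa AAAAconstructed= user3"
if __name__ == "__main__":
    for entry in (GOOD, WEAK, BARE):
        print(audit_entry(entry) or "ok")
```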
