[cvsnt] Re: How to contorl the access right within the ViewCVS

Bo Berglund bo.berglund at telia.com
Wed Mar 2 06:20:57 GMT 2005


On Wed, 2 Mar 2005 10:47:24 +0800, "Pierce Li" <pierce.li at utstar.com>
wrote:

>Dear all,
>
>I have installed ViewCVS following the guidance of
>http://web.telia.com/~u86216121/ViewCvsSetup.html and it seems works
>well. Then I found a critical issue: every user can browse and download
>any file through the whole database by it. It's absolutely not allowed
>by our policy. Could I have any means to limit the CvsView only give
>information according to viewer's permission? We are deploying :sspi
>protocal.

The ViewCvs system is *not* using the cvsnt server for its work and it
also uses no protocol as a consequence of that. Instead it goes
directly to the repository files and parses them to produce the
output.

In order to put security measures in place you probably need to use
the permission system of IIS. In this case I do not think that Apache
is up to the task, so if you have Apache running there will be
problems...

The default install for ViewCvs is to use the anonymous Internet
account for the ViewCvs operations (IUSR_<computername>). If you want
to lock it down I think you must do the following:
- Use the IIS permission system by disallowing IUSR_ access
- Then allow specific usergroup access only
- If you want to fine grain the permissions then you must also use
NTFS file system permissions on your repository folders/files

It all boils down to having the IIS server authenticate the user and
then use this user's credentials when running the ViewCvs scripts.

I am not by a long shot an IIS guru so the steps above are merely
starting points from which you should investigate the IIS
possibilities.
You may also join the ViewCvs mail list and ask there. They are mostly
Linux people though....
http://viewcvs.sourceforge.net/
http://sourceforge.net/projects/viewcvs/
Mail list subscription:
http://mailman.lyra.org/mailman/listinfo/viewcvs

HTH

/Bo
(Bo Berglund, developer in Sweden)



More information about the cvsnt mailing list