[cvsnt] CVSNT Security
technical0 at gmail.com
Mon Nov 20 11:09:41 GMT 2006
I have a couple of questions about the security of CVS. Firstly, I want to
set up a repository that's accessible over the internet from any machine. My
plan is to use CVSNT and disable all protocols other than "sserver". I
believe this should give me a secure SSL connection as the only way of
accessing the repository.
My first question is: Do you think this is a good idea, or are there any
security issues associated with doing this that I may have overlooked?
Secondly, I'd like to set up some user accounts so that particular users
only have access to particular parts of the repository. I know that this can
be partially controlled with the CVSROOT/admin,readers,writers files but
this appears to affect the entire repository. Is it possible to do something
similar with the individual repository directories? Is it possible to "hide"
CVSROOT from particular users? Currently, the CVS users do not match the
server OS users, so I would prefer to do this in a way that does not involve
OS file permissions.
Thanks in advance,
More information about the cvsnt