[cvsnt] linux host, and ACLs

Kerry, Richard richard.kerry at siemens.com
Fri Oct 20 16:07:52 BST 2006



Our server is on Windows and also provides a number of services other
than CVS.  Users are able to access the server for file storage but the
share they can use for that is separate from the share where the CVS
repository is.  That share is not visible except by logging on to the
server (desktop access, akin to shell access), which is something only
administrators are allowed to do.

I appreciate that your position, as described, is slightly different in
that you need to allow your users to log on to the server (shell access)
rather than just giving them access to files there.

Does Linux not have a way of preventing users from reading (cd'ing to)
given folders?

I guess the way to set up the system might be to reserve part of its
disk(s) for the CVS server, which would run using chroot, and make that
part completely inaccessible to normal users via the shell.
Does that sound practical? Or does it just prove that I don't know
Linux...



Unhelpfully,
Richard.



-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of bwhicks at aep.com
Sent: 20 October 2006 15:54
To: cvsnt at cvsnt.org
Subject: Re: [cvsnt] linux host, and ACLs

cvsnt-bounces at cvsnt.org wrote on 10/20/2006 10:35:50 AM:

> Hmm... "unless you are doing something extremely dumb..."

> Reason: the box is *not* dedicated,  every user will have shell 
> access to the machine, I need this feature for other purposes.
> 
> Remember: It's a unix server, and every user will have a shell
> account on the machine. They will, via their shell account, be 
> able to "cd /to/places" on the same file system as the 
> repository. Thus, I believe it is much like ":local:"

This changes EVERYTHING.

If they have a shell account, they can already "cd /whatever/they/want",
unless you've used filesystem ACLs to prevent them. The problem with CVS
though, especially CVSNT, is that it's designed for use as a networked
server. So all of the security bits follow this idea. If you use :local:,
all of the server stuff is bypassed. You're left with whatever the
filesystem ACLs can do for you.

Here's what you need to consider. Doing a "cd /" and poking around is
totally separate from anything cvs related. This should be secured in
whatever way you deem appropriate. You MAY want to chroot your cvs stuff
so users can't do any permanent damage to the main system. Since this
isn't dedicated, what else do users do on this thing besides CVS that
could also be a security problem?

Also, as far as CVS is concerned, remember that users will need filesystem
write access in order to do commits. This basically means that they can
seriously damage/modify the actual repository (the ,v files) any way that
they choose. Make sure they only have access to what they need to have
access to, and make sure they understand that they shouldn't do something
stupid like "vi somefile.txt,v" or "cvs ci -m'doing something stupid
here...' somefile.txt,v".

Good luck. 

Brian
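
Both messages above come down to what the filesystem permissions on the repository allow once shell users can reach it directly. The following is an added example, not part of the thread: a sketch that reports which repository directories and files are reachable by accounts outside the owner and group, then removes that access. The function names and the demo tree are constructed, and it assumes committers get their access through the repository's owning group.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the demo tree are
# constructed; assumes committers reach the repository through its owning group.

# Report what accounts outside the owner and group can do inside the tree.
audit_cvs_repo() {
    # Directories that "other" can list (r) or cd into (x).
    find "$1" -type d \( -perm -004 -o -perm -001 \) | sed 's/^/OPEN_DIR /'
    # Files or directories that "other" can modify.
    find "$1" ! -type l -perm -002 | sed 's/^/WORLD_WRITABLE /'
}

# Remove all "other" access. Group members still have write access, so this
# does not stop a committer from editing ,v files directly.
lock_down_repo() {
    chmod -R o-rwx "$1"
}

# Demo on a throwaway tree (constructed sample, safe to run anywhere).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/repo/CVSROOT" "$tmp/repo/proj"
    : > "$tmp/repo/proj/main.c,v"
    chmod 755 "$tmp/repo" "$tmp/repo/CVSROOT" "$tmp/repo/proj"
    chmod 666 "$tmp/repo/proj/main.c,v"
    echo "before:"; audit_cvs_repo "$tmp/repo"
    lock_down_repo "$tmp/repo"
    echo "after:";  audit_cvs_repo "$tmp/repo"
    rm -rf "$tmp"
}
demo
```

The audit only inspects mode bits, so it gives the same answer when run as root; it does not look at POSIX ACL entries, which would need `getfacl` on systems that use them.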