[cvsnt] CVSNT service user and impersonation

Rick Martin rsmandcam at _NO_SPAM_sbcglobal.net
Mon Feb 26 23:05:05 GMT 2007


On Mon, 26 Feb 2007 19:28:30 -0300, Flávio Etrusco wrote:

>> I understand that SYSTEM cannot access any network resources. However, when
>> the process impersonates the client user shouldn't they be able to access
>> any network resources the client has rights to?
>>
> 
> Part of the server operations are done with the SYSTEM token, for
> example reading the administrative files from the <repo>/CVSROOT
> folder.

I assume from this you are saying the execution of the loginfo and shadow
scripts are being run under the SYSTEM account?

> 
> BTW, you've read many times already that accessing sandboxes and
> _worse_ _yet_ repositories through network shares is very discouraged,
> right?

Yes, I've read that plenty. All I want to do is push a copy of the sandbox
to a network location when the module changes. I don't really care if it is
a checkout or export. There must be others who need to do this.

Thanks,
Rick


More information about the cvsnt mailing list