[cvsnt] CVSNT service user and impersonation
rsmandcam at _NO_SPAM_sbcglobal.net
Mon Feb 26 23:05:05 GMT 2007
On Mon, 26 Feb 2007 19:28:30 -0300, Flávio Etrusco wrote:
>> I understand that SYSTEM cannot access any network resources. However, when
>> the process impersonates the client user shouldn't they be able to access
>> any network resources the client has rights to?
> Part of the server operations are done with the SYSTEM token, for
> example reading the administrative files from the <repo>/CVSROOT
I assume from this you are saying the execution of the loginfo and shadow
scripts are being run under the SYSTEM account?
> BTW, you've read many times already that accessing sandboxes and
> _worse_ _yet_ repositories through network shares is very discouraged,
Yes, I've read that plenty. All I want to do is push a copy of the sandbox
to a network location when the module changes. I don't really care if it is
a checkout or export. There must be others who need to do this.
More information about the cvsnt