[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: filesystem ACLs vs. CVS
From: |
Greg A. Woods |
Subject: |
Re: filesystem ACLs vs. CVS |
Date: |
Fri, 22 Feb 2002 17:25:59 -0500 (EST) |
[ On Friday, February 22, 2002 at 12:35:01 (-0800), Noel Yap wrote: ]
> Subject: Re: filesystem ACLs vs. CVS
>
> I think the only scenario this might occur in is if
> they're trying to manage third-party source. The only
> thing I can think of to manage such source would be to
> use some sort of trusted OS (ie one that manages
> permissions more securely than standard OS's). Here's
> one such OS: http://www.trustedbsd.org/
If you're managing third-party source then you'd damn well better get
the proper security clearance for all your programmers to work on all
the source all at once! Such a scenario is idiotic.
> > No, you can't control the group owner of the files
> > either, at least not
> > without going to a great deal of effort (i.e.
> > internally re-engineering
> > how CVS re-writes ,v files).
>
> This part can be done using a loginfo script (assuming
> the user can chgrp to the particular group).
No, it can not really be done that way -- certainly not for remote
clients....
Indeed my idea for the '-u' and '-o' modules options fails for remote
clients too..... I should have mentioned that.... sorry.....
> I've been able to create a loginfo script that would
> recreate the file ACLs based on the ACLs of the parent
> directory (default ACLs are no good since they make
> the files writable and executable). But if the user
> needs to control ACLs on a per-file basis, they're out
> of luck short of changing their OS.
Did it work on remote clients?
(as far as I can tell that would be impossible)
--
Greg A. Woods
+1 416 218-0098; <address@hidden>; <address@hidden>; <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>
- Re: ANN: cvssh - secure ext-to-pserver bridge, (continued)
Re: ANN: cvssh - secure ext-to-pserver bridge, David A. Desrosiers, 2002/02/21
RE: ANN: cvssh - secure ext-to-pserver bridge, Douglas Finkle, 2002/02/21