|
From: | Phil R Lawrence |
Subject: | Re: Security setup |
Date: | Tue, 17 Dec 2002 11:38:46 -0500 |
User-agent: | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020826 |
Larry Jones wrote:
Phil R Lawrence writes:Perhaps I'm naive, but the recent posts describing local accounts (e.g. cvsphil) with no shell and ssh access to only the cvs command sound promising.Do you see anything specifically flawed with this approach?Once you're connected to a pserver, it's a fairly simple process to get it to execute arbitrary commands for you; giving someone pserver access is equivalent to giving them shell access.
Right... so this approach does not use pserver. Developers SSH to special user accounts with no shell. SSH is set up to only allow the cvs command. Access rights to various projects are determined by group membership instead of by pserver.
?, Phil
[Prev in Thread] | Current Thread | [Next in Thread] |