[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS and anonymous/SSH
|
From: |
Mark D. Baushke |
|
Subject: |
Re: CVS and anonymous/SSH |
|
Date: |
Mon, 10 May 2004 10:41:28 -0700 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sensei <address@hidden> writes:
> I'd like to make the cvs repository for our department accessible by
> anyone, but keeping the ssh connection.
Good choice.
> In other words, is it possible to make a user anonymous with group
> anonymous read via ssh the repository, this belonging to root with
> group cvs.
Yes, but it would be better to hae a LockDir which uses group
permissions of users that can both read and write and the group in your
repository should be for only those members who are allowed to do write
operations.
> I'm trying to do this, but anonymous can't get a lock over the cvs
> repository, since it doesn't belong to the cvs group.
>
> How should I do?
Create an anoncvs user. This user is in NOT in group cvs (which is
allowed write access), but is allowed to create locks via the
directories in LockDir which may have world-write access and anoncvs
also has a private SSH key for which you publish the public SSH key. The
authorized_keys file uses the
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs
server"
mechanism to allow only cvs commands to be executed.
Here is an example of how to do it:
http://www.kitenet.net/~joey/sshcvs/
The basic idea is that anyone can write into your LockDir, but not your
repository.
Good luck,
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFAn77I3x41pRYZE/gRAn0YAKCpu+1oUbkPZWyw527Sfd/NsUGOEgCdGB/C
S0wOg6ohKq1fQx1mKQO4Iv0=
=K3Gb
-----END PGP SIGNATURE-----