[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patches: cvs --allow-root=/blah server
From: |
Jan Grant |
Subject: |
Re: Patches: cvs --allow-root=/blah server |
Date: |
Tue, 3 Apr 2001 09:53:05 +0100 (BST) |
On Mon, 2 Apr 2001, Larry Jones wrote:
> Jan Grant writes:
> >
> > I'm a bit stumped as to where patches for this should go. We're looking
> > at running CVS here using :ext:-mode access and ssh, and using sshd's
> >
> > command="cvs --allow-root=/blah server"
> >
> > option to limit people to only runing CVS.
>
> Since sshd ends up running as the real user, why don't you just use Unix
> permissions to restrict people to the appropriate repositories?
In riposte, can I ask: why does pserver need --allow-root?
(a) defense in depth; (b) paranoia; (c) it's simpler; (d) there's a
limit to the number of groups that a person can be in*.
jan
* Yes, it's a real problem.
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 address@hidden
__/\____/\_____/\____/|_____________________________________ flatline