[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: How 2 Secure the repository?
|
From: |
Douglas Finkle |
|
Subject: |
RE: How 2 Secure the repository? |
|
Date: |
Mon, 11 Mar 2002 13:10:01 -0500 |
> Environment: cvs 1.11.1p running on unix. Clients are mostly
> wincvs1.13.7+
> (in-house modifications to prevent password display on the
> screen)
Huh?
> plink for ssh connection.
Also, use Pageant on Windows. UNIX will require ssh-agent for
the same functionality.
> Developers have valid login on unix server and are
> members of the cvs and users groups.
>
> How do I protect the repository from developers modifying or
> deleting code directly without using cvs? Any protection scheme
> we've been able to think of either locks them out completely or
> has loop holes.
You take away login access. Do this by setting their hashed passwd
in /etc/shadow to "NP", and add a line to their SSH authorization file
on the server side to _only_ allow the command 'cvs server'. The
O' Reilly SSH book explains this pretty clearly.
Doug