info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ssh and passwd file


From: Mark D. Baushke
Subject: Re: ssh and passwd file
Date: Wed, 28 Jul 2004 15:39:16 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nina Pham <address@hidden> writes:

> Is it true that the passwd file is not needed if you use cvs via ssh?
> the server will use /etc/passwd instead CVSROOT/passwd.

The CVSROOT/passwd file is only consulted when running a :pserver:
access method.

If you use :ext:, and CVS_RSH=ssh (or you have built cvs with an SSH
devault), then whatever method that is used by the system to
authenticate a user is used. This could be PAM, /etc/passwd, RADIUS,
Kerberos, or some other method depending on how the sshd is configured
for the system.

Nina Pham <address@hidden> writes:

> so if I the client access cvs via :ext, how can I grant them readonly
> permission? Say I'm using ssh, then everyclient accesses to cvs is
> able to access to my main server. They can write or execute any file.
> That is so unsafe.

Use UNIX group permissions. You can control writes with the use of
commitinfo trigger and reads with UNIX groups. It is also possible to
define ssh permissions to only allowing the 'cvs server' command rather
than general access to the machine as a part of how you allow logins to
the machine.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFBCCsU3x41pRYZE/gRAj9NAJ9/bJFhsvt45vRQqSmoKsYaMdNb6ACeKq42
5Hj3qhRurv4mBqTJg07jt/M=
=n0Qz
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]