[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Locking down CVSROOT

From: Mark E. Hamilton
Subject: Re: Locking down CVSROOT
Date: Fri, 23 Mar 2007 12:01:55 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.7.12) Gecko/20050920


Jeff Pream wrote:
What is the correct way to tighten security in CVSROOT such that some in-house contractors would be able to check files out of some projects, but not be able to mess with any of the cvs scripts? There are some projects that I do not want the contractors to be able to get to, so for these I changed group permissions on the project directories within the repository.

What I would do is to first set the LockDir variable in the CVSROOT/config file to somewhere world writable (/var/lock/cvs/<repos_name> is what we use.)

Then to make it so only the user could change the files change the write permissions on CVSROOT and its contents to be read-only for group and others:

cd <repos>
chmod -R go-w CVSROOT

If you wanted to have more people than just the user to be able to change those files you could define a group that those privileged users were a member of, set the group-id of CVSROOT and its files to that group, then just make them read-only for others:

cd <repos>
chgrp -R some_admin_group CVSROOT
chmod -R o-w CVSROOT

There are probably other approaches too, that others may chime in with.

Mark E. Hamilton
Orion International Technologies, Inc.
Sandia National Laboratory, NM.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]