[TriLUG] cvs CVSROOT/modules
William Sutton
william at trilug.org
Wed Sep 8 14:43:40 EDT 2004
Well, since the CVS repository is being used by the people writing the
code (not as a documentation bank or whatever), the anonymous access isn't
important (plus I have a sneaking suspicion that $WORK wouldn't like
anonymous checkouts in any case). So, we're stuck with usernames.
All of this is going on inside a vpn, so the only people that will be
hacking plaintext passwords will be people inside the vpn (theoretically
all employees).
William
On Wed, 8 Sep 2004, Mike M wrote:
> On Wed, Sep 08, 2004 at 01:54:16PM -0400, William Sutton wrote:
>
> > I have, of course, the cvsadmin acct to access it for setup, but I'm not
> > about to let everybody and their dog use it to check in/out code.
>
> Heh. That's the right attitude.
>
> So you have trusted folks that get to check in - they get accounts.
> These accounts are part of the "cvs" group. The cvs files are set to
> allow the cvs group to rwx.
>
> Then you have a larger group that gets to check out - they can use
> pserver with a login to an "anonymous" account.
>
> http://www.tldp.org/HOWTO/Secure-CVS-Pserver/
>
> This document will help you set up a more secure CVS Pserver for
> anonymous CVS access.
>
> CVS Pserver is, by definition, an insecure protocol. Among other
> things, passwords are transmitted in plain text, making it undesirable
> for much use. However, CVS Pserver is very good for providing
> anonymous CVS access to a repository.
>
> In this document we will introduce you to setting up a CVS repository
> (although not intruding on the CVS HOWTO's space), and how to set up a
> chroot jail for the Pserver. We will also talk about using SSH for
> developer access to a repository.
>
>
More information about the TriLUG
mailing list