Date: Wed, 17 Sep 1997 00:46:33 -0600 (MDT) From: Marc Slemko <marcs@znep.com> To: itojun@itojun.org Cc: hackers@freebsd.org Subject: Re: cvs pserver mode Message-ID: <Pine.BSF.3.95.970917003917.6754C-100000@alive.znep.com> In-Reply-To: <19600.874477702@itojun.csl.sony.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 17 Sep 1997 itojun@itojun.org wrote:
> >> does any of you have trouble using pserver mode of cvs?
> >First, don't use pserver. It sucks. Badly. It stores unencrypted
> >passwords on the clients disk and anyone with a shell on the server an
> >steal connections (and hence passwords) from users connecting. Bad.
> >Secondly, you need the --allow-root option to tell it what repositories to
> >use. This is new in 1.9.10 or something like that.
>
> Thanks very much for the comment (and to Julian), I'll keep myself
> away from pserver.
>
> My goal is to have a way to publish half-public source code to
> 20 or so people, without giving them an account on my machine.
> (they won't make changes to my repository)
How concerned are you about people who shouldn't get it getting this
source? That will dictate how strong you need your authentication to be.
> Options seems to be as follows, but I don't know which is good/bad.
> - cvs pserver (should stay away from this)
> - anonymous cvs + some modification
> (how to set it up? OpenBSD people uses this to keep them in sync)
> - cvsupd + some modification
> (current version has no authentication, it seems)
> - give an account (say, "mygroup") to them and use rsh/ssh
>
> Please let me know your opinion. Thanks!
My recommendation, is some form of anoncvs in a chrooted environment
running as a non-root uid without write access to the repository. That is
what I do for the apache anoncvs tree. Of course, this requires that:
- you hack the cvs source so it doesn't try to setuid() if using
pserver
- you have a good wrapper around it
- you hack it (or steal OpenBSD's read-only CVS enhancements) to
deal with repositories without write access
This can be less than simple. It can, however, be implemented using
either rsh, ssh or pserver. ssh is by far the best for security, and you
can just add people to the authorized_keys file (you do have to restrict
what commands they can run, not too hard) to give them access. The
disadvantage of ssh is that it imposes very high latency overhead.
pserver is reasonable for things where you don't need strong
authentication and where no accounts or files (ie. no write access to the
source tree) are compromised by someone getting the password.
There is a shar file off the OpenBSD home page describing how to setup
their version of anoncvs, but I find it lacking.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970917003917.6754C-100000>