Date: Fri, 19 Sep 1997 01:30:57 +0200 (MET DST)
From: Eivind Eklund <perhaps@yes.no>
To: itojun@itojun.org
Cc: marcs@znep.com, hackers@FreeBSD.ORG
Subject: Re: cvs pserver mode
Message-ID: <199709182330.BAA07105@bitbox.follo.net>
In-Reply-To: itojun@itojun.org's message of Wed, 17 Sep 1997 15:28:22 +0900
References: <Pine.BSF.3.95.970916235732.6754A-100000@alive.znep.com> <19600.874477702@itojun.csl.sony.co.jp>

>
> >> does any of you have trouble using pserver mode of cvs?
> >First, don't use pserver.  It sucks.  Badly.  It stores unencrypted
> >passwords on the client's disk and anyone with a shell on the server can
> >steal connections (and hence passwords) from users connecting.  Bad.
> >Secondly, you need the --allow-root option to tell it what repositories to
> >use.  This is new in 1.9.10 or something like that.
>
> [option list deleted]
> 	- give an account (say, "mygroup") to them and use rsh/ssh

I consider this the only sensible thing.  Give them an account with
the shell pointing at a text file containing

#!/bin/sh
/usr/bin/cvs server

and set permissions so they can't write to the cvs repository.  Little
security risk (except that they can exploit bugs in cvs) - even less
if you go for a chrooted environment (which will probably need some
hacking to get set up)

Eivind.
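
A check for the setup described in the message above, as an added example that is not part of the original e-mail: it verifies that the login shell file contains only the two lines given and that nothing in the repository is writable through group or other permission bits. The function names and the paths passed in are hypothetical, and it assumes the repository is owned by a different user than the restricted account.

```sh
#!/bin/sh
# Added example, not from the original message. Usage (paths are
# hypothetical): audit.sh /path/to/login-shell-file /path/to/repository

# writable_entries PATH: print everything at or under PATH that group or
# others may write to. Symlinks are skipped; their own mode bits are not
# what grants access.
writable_entries() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# wrapper_ok FILE: succeed only if FILE is an executable script whose first
# line is "#!/bin/sh", whose only other non-blank, non-comment line is
# "/usr/bin/cvs server", and which group/others cannot modify.
wrapper_ok() {
    f=$1
    [ -f "$f" ] && [ -x "$f" ] || return 1
    [ "$(sed -n '1p' "$f")" = '#!/bin/sh' ] || return 1
    body=$(sed -e '1d' -e '/^[[:space:]]*$/d' -e '/^[[:space:]]*#/d' "$f")
    [ "$body" = '/usr/bin/cvs server' ] || return 1
    [ -z "$(writable_entries "$f")" ]
}

# repo_readonly DIR: succeed when no file or directory under DIR is
# writable by group or others. Assumes the restricted account does not
# own anything in DIR.
repo_readonly() {
    [ -d "$1" ] || return 1
    [ -z "$(writable_entries "$1")" ]
}

# Run the audit only when both paths are supplied on the command line.
if [ "$#" -eq 2 ]; then
    if wrapper_ok "$1" && repo_readonly "$2"; then
        echo "OK: wrapper and repository permissions match the setup"
    else
        echo "FAIL: wrapper contents or permissions differ; writable paths:"
        writable_entries "$1"
        writable_entries "$2"
        exit 1
    fi
fi
```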