From owner-freebsd-current  Thu Jul 10 09:39:57 1997
Return-Path: <owner-current>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id JAA10726
          for current-outgoing; Thu, 10 Jul 1997 09:39:57 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id JAA10720
          for <current@freebsd.org>; Thu, 10 Jul 1997 09:39:54 -0700 (PDT)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 1.60 #1)
	id 0wmMEl-00010J-00; Thu, 10 Jul 1997 10:38:35 -0600
To: Mikael Karpberg <karpen@ocean.campus.luth.se>
Subject: Re: PRCS (was Re: CVS Branches hits again!) 
Cc: scott@statsci.com, jmacd@CS.Berkeley.EDU, current@freebsd.org
In-reply-to: Your message of "Thu, 10 Jul 1997 17:55:24 +0200."
		<199707101555.RAA11530@ocean.campus.luth.se> 
References: <199707101555.RAA11530@ocean.campus.luth.se>  
Date: Thu, 10 Jul 1997 10:38:35 -0600
From: Warner Losh <imp@village.org>
Message-Id: <E0wmMEl-00010J-00@rover.village.org>
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <199707101555.RAA11530@ocean.campus.luth.se> Mikael Karpberg writes:
: Can this be done with in the CVS way of doing things? Build a special
: "rsh" and "rshd" which does authentication, and then only allows the
: commands which has to do with CVS?

Or you can have a special shell that chroots you to the right place
and only allows you to execute the command cvs server.  Or you could
use the pserver method for CVS, but the security implications are not
as strong as when you require ssh to be used :-).

Warner