From owner-freebsd-hackers Thu Sep 18 16:31:23 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA17492 for hackers-outgoing; Thu, 18 Sep 1997 16:31:23 -0700 (PDT) Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA17486 for ; Thu, 18 Sep 1997 16:31:18 -0700 (PDT) Received: (from eivind@localhost) by bitbox.follo.net (8.8.6/8.8.6) id BAA07105; Fri, 19 Sep 1997 01:30:57 +0200 (MET DST) Date: Fri, 19 Sep 1997 01:30:57 +0200 (MET DST) Message-Id: <199709182330.BAA07105@bitbox.follo.net> From: Eivind Eklund To: itojun@itojun.org CC: marcs@znep.com, hackers@FreeBSD.ORG In-reply-to: itojun@itojun.org's message of Wed, 17 Sep 1997 15:28:22 +0900 Subject: Re: cvs pserver mode References: <19600.874477702@itojun.csl.sony.co.jp> Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > >> does any of you have trouble using pserver mode of cvs? > >First, don't use pserver. It sucks. Badly. It stores unencrypted > >passwords on the clients disk and anyone with a shell on the server an > >steal connections (and hence passwords) from users connecting. Bad. > >Secondly, you need the --allow-root option to tell it what repositories to > >use. This is new in 1.9.10 or something like that. > > [option list deleted] > - give an account (say, "mygroup") to them and use rsh/ssh I consider this the only sensible thing. Give them an account with the shell pointing at a text file containing #!/bin/sh /usr/bin/cvs server and set permissions so they can't write to the cvs repository. Little security risk (except that they can exploit bugs in cvs) - even less if you go for a chrooted environment (which will probably need some hacking to get set up) Eivind.