Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
You can do as follows: 1. Make sure that the repository disk is NOT available in any kind of share available to anybody but the domain admins. There is always a default admin share <driveletter>$, but remove all other shares. This way *noone* can get at the repository directly. 2. Create two domain user groups, CVSUsers and CVSAdmins 3. Make your CVS users members of these groups as needed keeping in mind that the CVSAdmins will be able to control and administrate CVSNT and the others will not. 4. Use the NTFS file system security to first set access rights for the root directory of your repository to ONLY include the following groups: DomainAdmins (full control, for obvious reasons) BackupOperators (readonly, so that your backup system will work) CVSUsers (full control) CVSAdmins (full control) Also add account SYSTEM, if you don't then CVS will not work at all. Remove all others that are there by default. Make sure that the security settings are set to propagate down (be inherited by the parent) to the child folders and files as well (but you have to switch off this for the repository root itself of course). 5. Now set the security for the CVSROOT folder to only allow full control from CVSAdmins. I am not 100% sure if you actually need to make the CVSUsers have readonly access here, it might be so. 6. As an admin belonging to CVSAdmins you now need to check out CVSROOT and edit the CVSROOT/config file. You must add a setting for a parameter called 'LockDir'. Set this to a temp directory outside the CVS repository (like <driveletter>:\CVSlocks or similar). This must be a dir where both CVSAdmins and CVSusers have full control. It is OK to give everybodu full control here. Example: LockDir=D:/CVSLocks 7. Save the file and commit it to CVS Now you should have a locked down server and only users who are members of the two groups should be able to access the repository. Only the CVSAdmin group will be able to change anything inside the CVSROOT dir. Note that the security settings will not affect logged on persons until they log off Windows and then on again. There might be something I have missed here, but I think this is what you can do. /Bo On Mon, 3 Jun 2002 20:12:35 +0000 (UTC), Charles Strauss <cstrauss at draper.com> wrote: >Dear CVSNT listers: > > Here is my problem - I have to set up a CVSNT server to maintain a >repository for several users on a LAN. These users all belong to the same >domain as the server machine. However, this domain has lots of other users >as well, and I have been directed to keep all the transmissions of code to >and from the repository encrypted and, of course, keep all other members of >this domain (and all other users of the LAN) from being able to access any >of the repository code. > > CVSNT as the server and WinCVS using the SSPI protocol with encryption >works like a charm - except that any member of the domain seems to be able >to access the repository. I have suggested that we should just form our >own domain, but none of my body of users agrees with that - they have all >kinds of stuff that is made available via their current domain and hate the >idea of having to log off and on just to get at the code in our repository. > > So -- what can I do? Will running SSH on my server machine do the >trick? I've tried it but with no success yet. I need some combination of >the facilities of pserver (for demanding an explicit password for access to >the repository) and SSPI (for encryption of transmissions). I'll be >grateful for any help you can give me. > >/Charles M. Strauss > > >_______________________________________________ >Cvsnt mailing list >Cvsnt at cvsnt.org >http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs > /Bo (Bo Berglund, developer in Sweden) _______________________________________________ Cvsnt mailing list Cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs