Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hello all, I have configured a regular_cvs/Linux server is such a way that users have write access to modules via groups (no acls). All members of the "cvsusers" group have read access to all modules. Each module has a group, and only members of this group have commit access to that module. The users must use the ssh connection method with cvs (via plink) and public/private key authentication. The cool part is that the way the users and auth key is configured, the users can only access the machine with cvs, they cannot login to the machine directly, and have no shell access. Only port 22 is open for this machine. My question is this... This is with regular cvs, not cvsnt. I want to switch to cvsnt. Will this work with the lockserver? Do I have to expose another port to the network/internet? Anyone interested in answering this may need to review this document which I used as a guide to configure my machine (http://ioctl.org/unix/cvs/server <http://ioctl.org/unix/cvs/server> ). Here is a configuration settings summary: all cvs users (read only & read/write) must be members of cvsusers group cvs users with commit rights must also be member of the group associated with a specific module (cvstcpro in my example) users password in /etc/shadow set to * group permissions are "sticky" for "lock" dir, "repo" dir, and all subdirectories in repo LockDir=/home/cvs/lock (in cvsconfig) drwxr-x--- 8 cvs cvsusers 4096 Aug 20 15:56 . drwxrwsr-x 4 cvs cvsusers 4096 Aug 19 15:21 ./lock drwxr-sr-x 4 cvs cvs 4096 Aug 19 13:33 ./repo drwxrwsr-x 3 cvs cvs 4096 Aug 19 16:10 ./repo/CVSROOT drwxrwsr-x 6 cvs cvstcpro 4096 Aug 20 11:41 ./repo/TCPro authorized_keys2 file looks like: no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/us r/bi n/cvs --allow-root=/abs/path/to/cvs/cvsrep server" ssh-rsa hdskjfhdksjhSOME_CRAP _IN_HEREdksjshfksj= rsa-key-12345678 Thanks in advance for your time and advice, Mark (sorry about following message appended by company mail server) This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. "Secure Server" made the following annotations on 09/10/2004 01:21:21 PM ------------------------------"This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately." ==============================