|
From: | Derek Robert Price |
Subject: | Re: new authentication mode |
Date: | Wed, 31 Jul 2002 22:20:28 -0400 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606 |
Markus Grabner wrote:
Am Dienstag, 30. Juli 2002 00:12 schrieben Sie:The question was what this is good for since "real" users are authenticated by their system password and don't need a CVSROOT/passwd entry.[...] Our modified CVS server checks for the system password if "+" is given in CVSROOT/passwd instead of the encrypted passwordVielleicht uebersehe ich ja was, aber: Fuer "echte" Benutzer sind doch gar keine CVSROOT/passwd-Eintraege noetig. Die werden ganz normal ueber ihr System-Passwort authentifiziert. (Es sei denn, CVSROOT/config sagt: SystemAuth=No, das ist aber eher ungewoehnlich.)That's right, but if more persons want to use the same archive and some access restrictions should apply on a per-propject basis, the recommended way in CVS to do so is to map the CVS user ids of all project membes to a unique system user. Currently this also requires to specify a password for each CVS user (or omit it to allow the user to access the repository without authentication). The new code makes it possible to map user ids (e.g., for project management purposes), but still to use system authentication. This avoids having to manually update the CVSROOT/passwd file each time a user changes its password. We faced some problems organizing several CVS projects at our site (different student classes, research projects etc.). Our first attempt was to use Unix' standard user/group management, but this failed since CVS doesn't care about group ids (unlike, e.g., Samba, which does a perfect job on this). Indeed, I
I'm not quite sure what you're talking about. CVS handles UNIX group IDs just fine, though on Linux systems you have to set the directory setgid bit for the repository. `man chmod' for more, but basically, `chmod g+s', and then use UNIX groups as you'd probably expect. From <http://www.cvshome.org/docs/manual/cvs_2.html#SEC13>:
All `,v' files are created read-only, and you should not change the permission of those files. The directories inside the repository should be writable by the persons that have permission to modify the files in each directory. This normally means that you must create a UNIX group (see group(5)) consisting of the persons that are to edit the files in a project, and set up the repository so that it is that group that owns the directory. (On some systems, you also need to set the set-group-ID-on-execution bit on the repository directories (see chmod(1)) so that newly-created files and directories get the group-ID of the parent directory rather than that of the current process.)
Derek -- *8^) Email: derek@ximbiot.com Public key available from www.keyserver.net - Key ID 5ECF1609 Fingerprint 511D DCD9 04CE 48A9 CC07 A421 BFBF 5CC2 56A6 AB0E Get CVS support at http://ximbiot.com -- "I tried to think but nothing happened!" - Curly
[Prev in Thread] | Current Thread | [Next in Thread] |