Initialization steps:
1. Create the repository directory and the lock directory.
2. Create the repository.
3. Modify CVSROOT/config for the newly created lock directory.
4. Create the cvs-devel user and group. In the end this account needs no .ssh/authorized_keys2 file and is not allowed to log in, remotely or locally.
6. CVS users have no local login privileges and can only use CVS commands (over the SSH channel); all CVS users should be in the cvs-devel group. Do this by modifying the shell field in /etc/passwd.
7. Modify the permissions of the repository directory, CVSROOT, the lock directory, CVSROOT/history and CVSROOT/val-tags.
   a. See "Basic knowledge", item 10, for setting ownership: chown -R cvs-adm.cvs-devel

New user steps:
1. Add the user (adduser).
2. Generate a key.
3. Upload the key to the server, taking care to convert the key format (PuTTY -> OpenSSH).
4. Set the permissions of the $HOME/.ssh directory and the authorized_keys2 file:
   chmod 700 .ssh
   chmod 600 authorized_keys2
   Otherwise SSH key authentication login fails (?? I don't know why).
5. Change the user's umask from 0022 to 0007 so that the user has write permission; combined with the SGID bit on directories, this implements the project group policy.
6. Verify that SSH key authentication login works.
7. Modify the /etc/passwd file so that the user's shell is the CVSONLY script.

Requirements:
Permission assignment must not affect normal CVS operations (add, import, checkout, update, tag, branch, del).
cvs-adm has read and write permission on CVSROOT and read permission on other projects.
cvs-devel has read-only permission and no permission on any other project.
A project group has read-only permission on CVSROOT, read and write permission on its own project, and no permission on any other project.

Project group policy:
The project directory grants read and write permission only to users in the corresponding project's UNIX group; other users have no permission. Project permissions are controlled per group only, not per individual user.

Basic knowledge:
1. Protect the CVS administrative files: only the administrator / administrator group may have modification rights (CVSROOT).
2. Protect modules / sub-modules with correct user access.
3. CVS cannot set permissions on individual repository files (,v) separately; use UNIX group permissions to control directory access.
4. Use the LockDir option (in the CVSROOT/config file) to set a dedicated lock directory, so that users do not need modify permission on CVSROOT. Do not place it in the root directory of the CVS repository, to avoid it being treated as a module! Modify the CVSROOT/config file in the CVSROOT/CVS-LOCKS.
5. Create an administrative group (for example, cvs-adm); only members of this group have permission to write file content in the CVSROOT directory. If there are multiple CVS repositories / projects, each repository / project gets its own unique administrator group.
   NOTE: The description we make here works under OpenBSD. On other Unix flavours (for instance on GNU/Linux with ext2fs), it may be necessary to use the setgid bit on the directories, since directories are created with the group of the running process instead of the one of the parent directory. But pay attention to the fact that different unices handle setgid bits differently.
   On GNU/Linux, we have had to set the setgid bit on every directory of the repository, to force the creation of sub-directories with the same group as their parent directory. In case of doubt, one should test that the properties described here are indeed present on a particular Unix flavour.
6. Create a standard developer group (cvs-devel); members of every other developer group must also be members of this group. The group has write permission on LockDir and on the CVSROOT/history and CVSROOT/val-tags files and read permission on most of the repository resources, and only members of this group have read permission on the CVS root directory.
7. To control write permission on each repository module, additional groups should be created, associated with the relevant members, and given permission.
8. The "other" permission bits in the UNIX system never have write permission.
9. The "owner" permission bits in the UNIX system always have write permission.
10. Set permission example: chown -R cvs-adm.cvs-devel
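
One way to check an existing repository tree against the rules above (setgid bit on every directory, no permission for "other"), as an added example that is not part of the original page. The function names and the sample module projA are made up for the illustration, and only modes are checked, not owners or groups.

```shell
#!/bin/sh
# Added example, not from the original page. POSIX find(1) only.

# Directories without the setgid bit: on GNU/Linux, sub-directories created
# in them take the creating process's group instead of the parent's group.
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Anything that grants read, write or execute to "other".
open_to_other() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print findings; return 0 when the tree follows both rules, 1 otherwise.
audit_repo() {
    rc=0
    found=$(dirs_missing_setgid "$1")
    [ -z "$found" ] || { printf 'no setgid bit:\n%s\n' "$found"; rc=1; }
    found=$(open_to_other "$1")
    [ -z "$found" ] || { printf 'open to other:\n%s\n' "$found"; rc=1; }
    return "$rc"
}

# Constructed sample tree (hypothetical module "projA"), created under the
# page's umask 0007 and then given the setgid bit on every directory.
make_sample_repo() {
    repo=$(mktemp -d) || return 1
    (
        umask 0007
        mkdir "$repo/CVSROOT" "$repo/projA"
        : > "$repo/CVSROOT/history"
        : > "$repo/CVSROOT/val-tags"
        : > "$repo/projA/main.c,v"
    )
    chmod 2770 "$repo" "$repo/CVSROOT" "$repo/projA"
    printf '%s\n' "$repo"
}

sample=$(make_sample_repo)
audit_repo "$sample" && echo "sample tree follows the rules"
rm -rf "$sample"
```

Run audit_repo against the real repository path as a user who can read the whole tree; a non-zero exit status means at least one entry breaks a rule.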