About VSS System Permission Settings Since the VSS is based on the shared directory form, the security performance is not good. Here, a relatively safe permission setting scheme is set, because of the innate defects, it is best to use CVS. Some presented: Server has a group vsStest The server has multiple users vsstest1, vsstest2, vsstest3, they only belong to the VSSTest group 1. Server Settings Share Directory Share $ add "$" symbol, so that ordinary sharing can not see the srcsafe.ini profile is modified, put some Add Source before the directory / so actual data is placed in Share $ / SOURCE 2.vss database directory is also used Share this directory 3. Permissions Assign Share $ / no permissions Share $ / srcsafe.ini group has read rights Share $ / Source/Users.txt group has read rights Share $ / source / users No permissions Share $ / source / users / users with full permissions Share $ / source / temp group with / write permissions Share $ / Source / Data Group has read / write permissions Share $ / source / data / labels group has read / write / modification rights 4. Description A VSSTest group does not have system permissions, so that server user management only with Share $ related permissions It is not confusing. Share $ / no permissions, only srcsafe.ini has read permissions, control the user to list the directory data, but can use VSS normally. Share $ / user.txt read rights is required, otherwise it will Tips Some Errors Share $ / Users' permissions Follow the user, so that they are required to separate their VSS profiles Share $ / TEMP's read / write permissions, otherwise some error Share $ / data read / write permission is required Otherwise, some error Share $ / data / labels will need to have modified permissions, otherwise it is not able to give the source code Label 5 Note The second actually Share $ / data can be set to have no permissions, such a subdirectories and files in all Data directories, add read / write permissions, where / share $ / data / locks can read, this Mainly for admin locking the source library.
After the above setting, the general user is basically not easily illuminated to accidentally errors. Of course, this is not to prevent people from destroying if there is any heart, such as accessing the file directly: Share $ / srcsafe.ini Get the actual data directory Share $ / source / data, you can copy all code data in the visiting this directory. Description II is the improvement of the description one is to obtain Share $ / source / data information, but also specify a special data directory to COPY data, data The directory is A ~ Z, so it is not possible to control malicious behavior. After using CVS, each of the projects of CVS is independent directory, not like VSS to all data directories, but I don't know how VSS is converted. Thus, CVS can be accessed by configuring SSH access, plus permissions to each directory, so that the corresponding group members can only operate their own engineering directory, better control source access, such as grouping, sub-projects Setting, etc.
