[CLUE-Admin] Anonymous CVS Access
Jed S. Baer
thag at frii.com
Sat Jan 17 22:32:53 MST 2004
On Sat, 17 Jan 2004 21:33:16 -0700
CLUE President <president at clue.denver.co.us> wrote:
> On Saturday 17 January 2004 7:50 pm, Jed S. Baer wrote:
> >
> > Well, I'm testing a script to publish the development site to a
> > location on the CLUE server. In the process, I've discovered that the
> > anonymous CVS access described at
> > http://cluedenver.org/siteDevelopment.html doesn't work.
> >
> > The culprit is the cvsroot/CVSROOT/passwd file, which specifies a
> > password for user anonymous.
>
> AFAICT - there was no way to have an 'anonymous' user w/o a password
> using pserver. I seem to recall something in the CVS docs about it.

Well, just reading the docs @cvshome.org, it appears that it's just an
entry in the passwd file, with the password field empty.

> > So, the question is, do we really want to allow unrestricted anonymous
> > read access to the CVS repository?
>
> Can't think of a reason not to - our code should be open source.

Ah, one thing leads to another. Published under what license? If the
consensus is GPL, then I'll stick in the appropriate files.

> > If so, there's an impact to the publish.sh script, and somebody will
> > need to add a readers file to the cvsroot/CVSROOT/ directory, and
> > change the passwd file. I can do these things.
>
> I thought anonymous was in the readers file, but from your comments I
> guess not.

Oops, my bad. There is a readers file. Contains publish, and anonymous.
But the passwd file still requires a password for anonymous.

> > I also note that the user "publish" exists in the CVS passwd file with
> > no password, and "pubcvs" equivalent.
>
> IIRC, the 'publish' user does the cvs update when you run the
> publish.cgi script from the admin site. It also should (have been) read
> only.

Nope, the publish script uses anonymous. There's a .cvspass file so that
the script doesn't need to login.

> > This is bad.
>
> Bad because no password and no readers file?

Yeah, if there weren't one -- except I just missed it. But if it's unused,
I'd just as soon remove it anyway.

> > Any thoughts?
>
> You are on the case - My initial configuration does not have the same
> assumptions as yours and you're in charge of it now. So, do what you
> think is best. I hacked it together because I was a cvs newbie and
> because I didn't have clear requirements other than the ability for
> admin users to publish the latest cvs commits to the web site from the
> cgi.

OK, as long as there aren't any objections from anyone else. I note that
apparently I'm the only person to try anonymous CVS access, or anyone else
who has didn't feel it was worth mentioning.

jed
--
http://s88369986.onlinehome.us/freedomsight/
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
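
The passwd/readers interaction discussed in this message, as an added example that is not part of the original post: a small Python audit of CVSROOT/passwd against the readers and writers files, following the read-only rule in the CVS manual. The function names and the sample file contents are constructed for illustration and mirror the state described in the thread.

```python
# Added example: audit CVS pserver accounts (CVSROOT/passwd, readers, writers).
# Sample file contents are constructed to mirror the thread, not taken from the server.

def parse_passwd(text):
    """Parse CVSROOT/passwd lines (user:crypted_password[:system_user])."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if not fields[0]:
            continue
        # An empty or missing second field means any password is accepted.
        crypted = fields[1] if len(fields) > 1 else ""
        accounts[fields[0]] = crypted
    return accounts

def parse_list(text):
    """Parse readers/writers (one user per line); None means the file is absent."""
    if text is None:
        return None
    return {name.strip() for name in text.splitlines() if name.strip()}

def audit(passwd_text, readers_text=None, writers_text=None):
    """Return {user: (access, has_password, finding)} for every pserver account."""
    readers = parse_list(readers_text)
    writers = parse_list(writers_text)
    report = {}
    for user, crypted in parse_passwd(passwd_text).items():
        # CVS rule: listed in readers, or writers exists and user is not in it,
        # gives read-only access; otherwise the account is read-write.
        read_only = (
            (readers is not None and user in readers)
            or (writers is not None and user not in writers)
        )
        if crypted:
            finding = "ok"
        elif read_only:
            finding = "passwordless, read-only"
        else:
            finding = "CRITICAL: passwordless with write access"
        report[user] = ("read-only" if read_only else "read-write", bool(crypted), finding)
    return report

# Constructed sample: anonymous has a password set, publish has none.
PASSWD = "anonymous:Xq1ExampleHash0:pubcvs\npublish::pubcvs\n"
READERS = "publish\nanonymous\n"

if __name__ == "__main__":
    for user, row in audit(PASSWD, READERS).items():
        print(user, *row)
```

With the readers file present, the passwordless publish account is limited to reads; the same passwd file without readers would leave it writable by anyone.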