[clue-admin] CVS pserver access

[Grant Johnson]

We use CVS here, and have many (150+) authorized to commit.   We use a 
sandbox for our production snapshot.  
Here is how:
All of the shared environments use anonymous to do the checkout, meaning 
any changes made there (we have a policy of allowing changes only from 
developer sandboxes in the hope that they will unit test before hosing a 
shared area) cannot be committed.   In order to ensure that changes 
committed by developers do not break production, the production checkout 
is done to a particular tag (cvs -d update -r prod) and we have a script 
running in taginfo to prevent anyone not on the authorized list from 
putting this tag on anything.

Now we have an easy way to update production or QA, full control over 
these environments, and ease of commit for developers.   This also 
prevents the need for having a separate module for doing development.

To set up the anonymous access, simply put an entry for anonymous in the 
passwd file (mine is "anonymous::cvsuser") with no password.   The make 
sure to put the anonymous ID in the readers file, and make sure it is 
not in the writers file.   That is it.  Then to control who can put on 
what tag, just go to my website(http://www.amadensor.com), and grab the 
tools from there, and use them, of course, sharing back the things you 
do to make them better. :)  I also have a tool there to allow users to 
update their own pserver passwords via SSH, without requiring individual 
machine accounts.   Just set the tool as the login shell for a user with 
a published password.