Controlling Access for Various Users
Discussion:
This is a discussion about controlling the access which
various users have to a CVS repository with a focus on
short-term solutions using existing tools.
The current mechanisms are as follows. For details on
each, see the Cederqvist
manual.
- The CVSROOT/readers file provides a way to designate
  users as read-only. For example, one would use this
  to provide anonymous CVS on the internet.
- The commitinfo file is one of the most powerful
  access control mechanisms available to CVS. For
  example, one can build access control lists via this
  hook. It only provides protection against casual or
  accidental violations; determined users will be able
  to circumvent it.
- The "cvsadmin" group can control the ability to run
  the "cvs admin" command. It only provides protection
  against casual or accidental violations; determined
  users will be able to circumvent it.
- Setting the operating system's file permissions of
  files in the repository is an all-or-nothing thing.
  Users need write access to the repository both to
  write to it and to read from it (because CVS needs to
  create lock files). However, on an all-or-nothing level,
  this can be useful (see for example the CVSUMASK
  feature).
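The commitinfo access control list idea from the list above, as an added example that is not part of the original page or of CVS: a hook that allows a commit only when the committing system account has an entry covering the directory. The script and ACL file paths, the user:directory-prefix format, and the CVS 1.11-style calling convention (arguments from the commitinfo line, then the repository directory, then the file names) are assumptions.

```sh
#!/bin/sh
# Added example, not CVS's own code. Assumed CVSROOT/commitinfo entry:
#   ALL /usr/local/bin/cvs_acl_check /usr/local/etc/cvs_commit_acl
# (both paths hypothetical). CVS 1.11 is assumed to append the repository
# directory and then the committed file names; a non-zero exit from the
# hook aborts the commit. Advisory only: anyone with write access to the
# repository files can bypass it.

# acl_allows USER REPO_DIR ACL_FILE
# ACL_FILE holds "user:directory-prefix" lines (constructed format);
# blank lines and lines starting with '#' are ignored.
# Returns 0 only if USER has an entry whose prefix covers REPO_DIR.
acl_allows() {
    user=$1 dir=$2 acl=$3
    [ -r "$acl" ] || return 1              # fail closed: unreadable ACL denies
    while IFS=: read -r u prefix || [ -n "$u" ]; do
        case $u in ''|'#'*) continue ;; esac
        [ "$u" = "$user" ] || continue
        [ -n "$prefix" ] || continue       # entry without a prefix grants nothing
        case $dir/ in
            "$prefix"/*) return 0 ;;       # whole path components only
        esac
    done < "$acl"
    return 1
}

# Entry point when run as the hook: $1 = ACL file, $2 = repository directory.
if [ "$#" -ge 2 ]; then
    who=$(id -un)                          # system account running CVS
    if ! acl_allows "$who" "$2" "$1"; then
        echo "commit to $2 denied for $who" >&2
        exit 1
    fi
fi
```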
Developer Issues:
Here is a patch which
adds access control lists implemented in CVS and here is the
more recent patch against 1.11.1p1.
Corey Minyard maintains these and other patches and info
here. This is
more powerful than Unix groups, operates on the level
of CVS usernames, and has more potential to be expanded
to offer finer grained access control (for example,
different access control for "cvs tag" than "cvs
commit").
For More Information:
- Our Security
  Information Page is more concerned with making sure
  users access CVS rather than controlling what users
  can do once they are in.