Re: Apache NT errors

["Roy T. Fielding" <fi...@kiwi.ICS.UCI.EDU>]

>However, I have looked over the security requirements for the fix on cyclic
>pages, and now that Roy's done his blitzkreig of changes to CVSROOT files,
>the restrictions now seem palatable.  So, I have installed 1.9.10, and done
>the following:
>
>1) made ~cvs chown'd root, chmod 755.
>2) made ~cvs/CVSROOT chown'd root, chmod 755.
>
>This means that any attempt to create new modules, or modify files under
>CVSROOT, will fail.  If such changes are necessary, let me know and I'll
>temporarily enable group write access so the change can happen.

Yuck.  Is there some reason why they don't just change the location of
the passwd file, like to /etc/cvspasswd.<repository>?

Thanks for waiting til I finished,

....Roy

Re: Apache NT errors

[Marc Slemko <ma...@worldgate.com>]

On Fri, 27 Jun 1997, Roy T. Fielding wrote:

> >However, I have looked over the security requirements for the fix on cyclic
> >pages, and now that Roy's done his blitzkreig of changes to CVSROOT files,
> >the restrictions now seem palatable.  So, I have installed 1.9.10, and done
> >the following:
> >
> >1) made ~cvs chown'd root, chmod 755.
> >2) made ~cvs/CVSROOT chown'd root, chmod 755.
> >
> >This means that any attempt to create new modules, or modify files under
> >CVSROOT, will fail.  If such changes are necessary, let me know and I'll
> >temporarily enable group write access so the change can happen.
> 
> Yuck.  Is there some reason why they don't just change the location of
> the passwd file, like to /etc/cvspasswd.<repository>?

No.

My plan is to make a patch to either just disable the CVS passwd file
entirely (ok for now, but we may want to use it someday... OTOH pserver
really really sucks anyway) or do what you suggest.  When I get time...

You may still be able to modify files in the CVSROOT directory; depends if
it creates a new file and moves it or edits it in place...