10 Apr
2003
10 Apr
'03
5:56 p.m.
Dennis Allison wrote at 2003-4-9 12:42 -0700:
... I see a couple of possibilities--perhaps the simplest is to make the 'nobody' group the CVS group. CVS explicitly disallows commits by root, but does not appear to disallow commits by 'nobody'. Alternatively, I could always spawn a suid process that performs the CVS task--but that seems overkill and a potential security hole.
The easiest way would be to add "nobody" to the group "cvs". Whether this is a good idea depends on for what other purposes you use "nobody". The alternative would be to run Zope as a different user which belongs to the group "cvs". In all these cases, an attacker which successfully broke into your Zope might get CVS access. Dieter