Restricted CVS

   This package implements the fine grained access control used on the FreeBSD
   cvs repository servers.  It has been implemented using a number of
   administrative files from the CVSROOT-src module of their repo.

   Also included is a restricted shell that can only be used for cvs access.
   It can easily be extended to allow users to do simple (and useful) tasks
   on the repo server like changing their password or managing their ssh
   keys.

   Once installed, cvs commits can only be done from accounts that are using
   the restricted cvs shell.  I hope this all or nothing approach is
   acceptible.

   Complete installation instructions are located in the INSTALL file.  I
   have tested these instructions on a NetBSD 1.6ZF machine and a Mac OS X
   10.3.3 (Darwin 7.3.0 userland) machine.  If you want to try using this
   package, I suggest that you attempt an install on a spare, not your
   primary cvs repo server.

Files Modified/Created By This Package

Added Files:

   CVSROOT/access       - The first tier access controll list.  It is
                          checked by the C wrapper for cvs.

   CVSROOT/avail        - Contains access controls for individual modules.
                          Used by cvs_acls.pl.

   CVSROOT/cfg.pm       - The configuration file for cvs_acls.pl.

   CVSROOT/commitcheck  - A perl script run as the pre-commit hook.  This
                          spawns cvs_acls.pl in a sub shell.

   CVSROOT/cvs_acls.pl  - A perl script that enforces access control on the
                          module level.  It groks the avail file.  Called
                          by the commitcheck script.

Modified Files:

   CVSROOT/checkoutlist - Add access, avail, cfg.pm, commitcheck,
                          cvs_acls.pl and avail.

   CVSROOT/commitinfo   - Add the line "ALL $CVSROOT/CVSROOT/commitcheck".

Added Binaries:

   /usr/bin/cvs         - C wrapper for the real cvs binary.

   /usr/bin/cvssh       - A restricted shell that can only be used for cvs.

--
   David P. Reese, Jr.                                  daver at gomerbud.com
