Re: cvs problem

[Steven Bellovin <smb%cs.columbia.edu@localhost>]

On Jan 30, 2010, at 9:26 AM, Helge Mühlmeier wrote:

> Hi,
> 
> I have some problems with cvs init on my Laptop with NetBSD current installed.
> 
> If I try to init a local cvs (e.g. /home/user/cvs) I get the following error:
> 
> cvs [init aborted]: usage is restricted to members of the group cvsadmin
> 
> 
> From the beginning there wasn't such a group in /etc/group.
> Even as root that doesn't work.
> 
> Onmy workstation with NetBSD 5.0.1 amd64 the cvs init runs out of the box!
> 
> Installed cvs-version is:
> 
> nippi# cvs --version          
> 
> Concurrent Versions System (CVS) 1.12.13 (client/server)
> 
> 
> Any ideas how to fix this?
> 
> Greetings,
> Helge
> -- 

I noticed that change, too.  Frankly, it struck me as a really bad idea.

I think the only thing to do is to create the group and put yourself in it.  
Better yet, go into the source and delete the check; it's preposterous.

From a security perspective, it's useless, since the cvs command is 
unprivileged and hence can't really enforce any privileges; anyone who wants 
can compile their own copy that deletes that gratuitous check.  It assumes that 
there is only one permission domain for cvs repositories on a system, which 
isn't necessarily true.  (I teach at a university; most professors and grad 
students have their own repositories.  Why should we all have to be in the same 
group?  What benefit is there to anyone?)

I assume that there was some purpose in mind for the check.  For the life of 
me, I can't imagine what it was.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb