The security of your projects relies on the security of your CVS repository, the repository’s computer and its environment, all the computers that contain sandboxes, your access method, your backup storage, and your developer’s working environments. The security of access methods is covered in Chapter 8. General computer security is outside the scope of this book, but you should consider it when securing your repository.

Sandboxes are checked out of the repository with the username of the user who creates them or does the checking out. If the client’s computer has a group that matches the group ownership of files in the repository, files in the sandbox are usually stored with that group ownership.

Permissions in a sandbox depend on the settings for new files in the sandbox computer’s operating system, on whether the user has the CVSREAD environment variable set, and on whether the files are being watched with the cvs watch commands. If a file is imported or added as executable, it is set as executable in the repository and the executable setting is preserved in the sandboxes. The CVSREAD environment variable is described in Section 6.10, later in this chapter.

Repository security is more complex than sandbox security, and it is based on the filesystem security for the operating system that the repository is running under. The specific instructions in this section are based on traditional Unix and Linux filesystem permissions, but the principles can be used ...