[p4] super for remote users?

Stanton Stevens sstevens at adobe.com
Mon Nov 13 17:50:27 PST 2006

An unrelated observation:

You might want to make sure all that your accounts are in one group or
another and replace "write user *", with "write group *". Any line that
contains "user *", even if it is used to restrict access, enables
automatic account creation. That means anyone attempting to access the
Perforce instance gets an account created, even if it has no access, or
is something funky like "yournamehere". Disabling automatic account
creation will save you a lot of cleanup down the road. 

Also, your "write user *" lines already grant the access that your
"write group p4admin" lines grant later.


-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of David Alban
Sent: Monday, November 13, 2006 2:52 PM
To: perforce-user at perforce.com
Subject: [p4] super for remote users?


I'm tasked with deploying perforce.  I'm thinking about going with the
following protections:[1]

        write user * INTERNAL_NETWORK_01 //...
        write user * INTERNAL_NETWORK_02 //...
        write user * //...
        super user perforce //...
        write group p4admin INTERNAL_NETWORK_01 //...
        write group p4admin INTERNAL_NETWORK_02 //...
        super group p4admin //...

where the INTERNAL_NETWORK_01 and INTERNAL_NETWORK_02 above are
placeholders in this email for real x.y.z.* netmasks.

Do you think allowing super only on localhost is too restrictive /
paranoid?  Should folks in p4admin have super from remote hosts too?


[1]  Before we actually cut over from our current scm tool to perforce,
     the "user *" rules will be broken down futher into groups such as
     developers, qa, release management, etc.
David Alban <dalban at stubhub.com>
Release Engineering Tools

perforce-user mailing list  -  perforce-user at perforce.com

More information about the perforce-user mailing list