Protections and passwords
Until you define a P4 Server superuser, every user is a superuser and can run any P4 Server command on any file. After you start a new Perforce service, use the p4 protect command as soon as possible to define a P4 Server superuser. To learn more, also see Access authorization.
Without passwords, any user is able to impersonate any other P4 Server user, either with the -u flag or by setting P4USER to an existing P4 Server user name. Use of P4 Server passwords prevents such impersonation. See Passwords in the P4 CLI Documentation.
To set (or reset) a user’s password, either
- use p4 passwd username (as a P4 Server superuser), and enter the new password for the user, or
- invoke p4 user -f username (also a superuser) and enter the new password into the user specification form.
The security-conscious P4 Server superuser also uses p4 protect to ensure that no access higher than list is granted to unprivileged users, p4 configure to set the security level to a level that requires that all users have strong passwords, and p4 group to assign all users to groups (and, optionally, to require regular changes of passwords for users on a per-group basis, to set a minimum required password length for all users on the site, and to lock out users for predefined amounts of time after repeated failed login attempts).
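The two p4 protect checks described above can be automated against the text of the protections form. The following is an added example, not part of the P4 Server documentation or tooling: it assumes the form text (as printed by p4 protect -o) is passed in as a string, treats entries for the wildcard user * as the "unprivileged users", and uses constructed sample tables with a hypothetical user bruno and group dev.

```python
import shlex

# Ranked access levels, least to most privileged.
RANK = {"list": 0, "read": 1, "open": 2, "write": 3, "admin": 4, "super": 5}

def parse_protections(spec_text):
    """Yield (level, kind, name, host, path) from the Protections: field."""
    in_table = False
    for raw in spec_text.splitlines():
        if raw.startswith("Protections:"):
            in_table = True
        elif in_table and raw[:1] in (" ", "\t"):
            fields = shlex.split(raw.split("##")[0])  # drop trailing ## comment
            if len(fields) == 5:
                yield tuple(fields)
        elif raw.strip() and not raw.startswith("#"):
            in_table = False  # a different spec field has started

def audit(spec_text):
    """Return findings: missing super entry, or user * above list."""
    entries = list(parse_protections(spec_text))
    findings = []
    if not any(level == "super" for level, *_ in entries):
        findings.append("no super entry found")
    for level, kind, name, _host, path in entries:
        rank = RANK.get(level.lstrip("="))  # review/owner/=branch: not ranked here
        if rank is None or path.startswith("-"):
            continue  # unranked level, or an exclusionary mapping that removes access
        # Assumption: "unprivileged users" means entries for the wildcard user *.
        if kind == "user" and name == "*" and rank > RANK["list"]:
            findings.append(f"user * has {level} on {path} (higher than list)")
    return findings

# Constructed samples (user "bruno" and group "dev" are hypothetical).
DEFAULT_TABLE = """\
Protections:
\twrite user * * //...
\tsuper user bruno * //...
"""
HARDENED_TABLE = """\
Protections:
\tlist user * * //...
\twrite group dev * //depot/...
\tsuper user bruno * //...
"""

if __name__ == "__main__":
    for label, table in (("default", DEFAULT_TABLE), ("hardened", HARDENED_TABLE)):
        print(label, audit(table) or "OK")
```

An empty findings list means the table has a super entry and grants the wildcard user nothing above list; it does not evaluate per-user or per-group entries.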
An alternate way to reduce security risk during initial setup or during a maintenance interval is to start the P4 Server using localhost:port syntax. For example:
p4d -p localhost:2019
This forces the server to ignore non-local connection requests.
For complete information about security, see Secure the server, including Configurables for security.