[Cvsnt] Permissions for changing files in module
Bo Berglund
Bo.Berglund at system3r.se
Tue Feb 19 17:33:21 GMT 2002
1. On NTFS the security is per user account, but can be managed through user
groups. You can create a few user groups with different permissions and then
the members will have access only to the parts of the file system they are set
up for in the group properties. And it is all stored within the file system by
NT itself, no hidden locks within the CVS files.
2. To be able to use the granular security you must have every user identified by
a separate login. You can alias different users to different local or domain
accounts and thus give them different permissions. But the aliased user must
be a valid system account. So CVS users (first on each line) are not usable
unless they also are valid NT accounts.
3. If you move the repository to another NT machine you can do so and preserve the
permissions, but only within the domain of course (accounts are domain entities).
But you need to use something else than just copy, there is an NT command for
this kind of move, but I don't know it by heart.
4. If you move the repository to Linux for example you will have to set up permissions
again. No way to transfer this that i know of.
5. Practical security is whatever you put into those words...
But please remember that CVS stands for Concurrent VS, that means that it is optimized
for simultaneous access from many users to the same files. Locking and other kinds
of restrictions are not implemented in any good way, so if you need that then you
have to consider the commercial alternatives instead.
/Bo
-----Original Message-----
From: Koen [mailto:no at ssppaamm.com]
Sent: den 19 februari 2002 17:40
To: cvsnt at cvsnt.org
Subject: [Cvsnt] Permissions for changing files in module
Hi !
Rather new to CVS usage (let alone setting up a server..)
I'm using the pserver protocol (access from both Linux and Windows machines)
with impersonation with the following password format:
usera:encpassworda:localuser
userb:encpasswordb:localuser
So all access rights/permissions are the same on NTFS level for all users.
Now, is it possible to set permissions for files/directories on the CVS user
name level instead of using the NT user names? Is this kept in CVS files
somehow or is the only security supported on the file system level itself ?
What happens with set permissions when you move the repository (to another
machine or to another operating system)?
Should I really make a login account for each CVS user on my machine?
Can users themselves specify who can edit their files, or only the
administrator?
How is your practical CVS repository security setup?
I know, lots of questions...
All advice welcome!
Koen
_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt
mailing list