[cvsnt] permissions problem.

Ian Epperson Ian at axiomdesign.com
Tue Jan 28 22:08:26 GMT 2003 

I'm pretty sure that every user will have to at least be able to list files
in the cvsroot.  On WinNT, we had to give everyone using CVS "Read &
Execute", "List Folder Contents" and "Read" on the cvsroot, then restricted
access on the folders beneath that.  However, if anyone bothered to check
(cvs ls) they'd find they can list the modules they aren't allowed to
access.

Note that I don't think you're going to get away from an admin touching each
cust anyway - either you will need the admin to create the repository, or
need the admin to set the permissions correctly.  (Assuming the Engineers
don't have direct access to cvsroot - as they shouldn't!)

Also note that (IIRC) CVSNT has a limit to 64 repositories.  Important if
you intend on having more than 64 customers (we currently maintain 140!)

An ugly kludge might be to put the customer name wrapped in an innocuous
module.  Thus:

\cvsroot
    \myCompAA
        \cust1

    \myCompAB
        \cust2


I think this could be solved with symbolic links in Unix... But ah well...

__________

I should have known better than to trust the logic of a half-sized
thermocapsulary dehousing assister...

-----Original Message-----
From: Adam Shand [mailto:ashand at pixelworks.com] 
Sent: Tuesday, January 28, 2003 12:43 PM
To: cvsnt at cvsnt.org
Subject: [cvsnt] permissions problem.


Hi.

I have a small problem that I'm hoping there is an easy solution to. 
I'm setting up a CVS server that our engineers use to collaborate on 
code with our customers.  If possible I'd like to do all access control 
with file permissions rather then repositories.

I've setup a directory structure like this:

c:\repositories
	\temp
	\lock
	\cvsroot
		\CVSROOT
		\cust1
		\cust2

It's important that cust1 NOT know that cust2 exists on the server (and 
vice versa).  The way I attempted to do this was to create a group per 
customer and give full permissions on their module directories and on 
all the directories about that give *only* traverse permissions.

 From a permissions standpoint this seems to do what I want, however CVS 
chokes because it can't stat the \cvsroot directory.

Is there a way around this?  I would like it if instead of choking it 
just continued on it's way since they actually do have all the 
permissiosn they need in \CVSROOT and \custX directories.

Thanks for any help and for such a great project.

ADam.


_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt

More information about the cvsnt mailing list