[cvsnt] ACLs, permissions, readers/writers, etc

Ruth, Brice bruth at fiskars.com
Thu Aug 19 17:00:19 BST 2004 

Good morning.

I have setup CVSNT 2.0.51c on a RedHat Enterprise Linux ES 2.1 box, with 
PAM security, accessing the repository via :pserver:. My goal, in short, 
is to provide a particular group of users (defined in Active Directory, 
accessed via winbind) with r,w,c access to all modules, all branches. 
Then, provide a second group of users (also defined in Active Directory) 
with only r access to certain branches of certain modules, and r,w,c 
access to other branches of those modules.

Now, I've setup CVSROOT/groups to mirror what I have setup in Active 
Directory:

CorpWebappsCvs: user1 user2 user3 user4
CorpWebappsCvsCreative: user1 user2 user3 user4 user5 user6

File permissions in the repository are CorpWebappsCvs is the group owner 
of directories/files, directories are also +SGID. I've tested checkout 
of the files and I didn't run into any problems. However, testing 
check-in with a user in the first group (CorpWebappsCvs) doesn't appear 
to work. Here's the error I get:

cvs server: User user4 is unable to write modified file 
/cvs/repo/sites/fiskarsbrands.com/mgmt.jsp
cvs [server aborted]: correct above errors first!

'cvs lsacl' shows the following for the module I'm in:

Directory: .
Owner: bruth
  default:r
  CorpWebappsCvs:rwc

(Quick aside - when I run chacl on a directory, do I need to checkin 
those files, then? How does the server get notified of these ACLs?) 
Another aside - for ACLs to work, does the CVS client have to be CVSNT? 
We mostly use Eclipse to access our CVS repositories.

I've googled & RTFM'd both the CVSNT manual as well as the Wiki and its 
gotten me to this point (which is pretty far, actually). Any help would 
be appreciated.

Thanks!
Brice Ruth

p.s. Here's my xinetd conf for cvspserver
# default: off
# description: The CVS pserver protocol allows remote access to a CVS \
#              repository.
service cvspserver
{
        socket_type             = stream
        wait                    = no
        user                    = root
        group                   = cvsgroup
        log_type                = FILE /var/log/cvspserver
        server                  = /usr/bin/cvs
        server_args             = pserver
        log_on_success  += HOST DURATION
        log_on_failure  += HOST USERID
        disable                 = no
        port                    = 2401
        only_from               = 10.5.0.0/16
}

And here's my /etc/cvsnt/PServer file (abbreviated):
Repository0=/cvs/repo/java
Repository1=/cvs/repo/sites
NoReverseDns=0
LockServer=localhost:2402
FakeUnixCvs=0

-- 
Brice Ruth, Sr. IT Analyst
Fiskars Brands Inc
http://www.fiskarsbrands.com/

More information about the cvsnt mailing list