[cvsnt] ACLs, permissions, readers/writers, etc

Ruth, Brice bruth at fiskars.com
Thu Aug 19 17:32:43 BST 2004 

The comment that I removed for brevity indicated that the 
Repository*Name would be equal to the Repository if no other name was 
specified. I can give it a shot - but if this makes a difference, that 
comment ought to be changed, eh? ;)

Mike Wake wrote:

> Heya Ruth,
>
> This is just a guess but you you might need
>
> Repository0Name=/cvs/repo/java
> Repository1Name=/cvs/repo/sites
>
> as well as
>
> Repository0=/cvs/repo/java
> Repository1=/cvs/repo/sites
>
> in your /etc/cvsnt/PServer file.
>
> Cheers
> Mikew
>
> Ruth, Brice wrote:
>
>> Good morning.
>>
>> I have setup CVSNT 2.0.51c on a RedHat Enterprise Linux ES 2.1 box, 
>> with PAM security, accessing the repository via :pserver:. My goal, 
>> in short, is to provide a particular group of users (defined in 
>> Active Directory, accessed via winbind) with r,w,c access to all 
>> modules, all branches. Then, provide a second group of users (also 
>> defined in Active Directory) with only r access to certain branches 
>> of certain modules, and r,w,c access to other branches of those modules.
>>
>> Now, I've setup CVSROOT/groups to mirror what I have setup in Active 
>> Directory:
>>
>> CorpWebappsCvs: user1 user2 user3 user4
>> CorpWebappsCvsCreative: user1 user2 user3 user4 user5 user6
>>
>> File permissions in the repository are CorpWebappsCvs is the group 
>> owner of directories/files, directories are also +SGID. I've tested 
>> checkout of the files and I didn't run into any problems. However, 
>> testing check-in with a user in the first group (CorpWebappsCvs) 
>> doesn't appear to work. Here's the error I get:
>>
>> cvs server: User user4 is unable to write modified file 
>> /cvs/repo/sites/fiskarsbrands.com/mgmt.jsp
>> cvs [server aborted]: correct above errors first!
>>
>> 'cvs lsacl' shows the following for the module I'm in:
>>
>> Directory: .
>> Owner: bruth
>>  default:r
>>  CorpWebappsCvs:rwc
>>
>> (Quick aside - when I run chacl on a directory, do I need to checkin 
>> those files, then? How does the server get notified of these ACLs?) 
>> Another aside - for ACLs to work, does the CVS client have to be 
>> CVSNT? We mostly use Eclipse to access our CVS repositories.
>>
>> I've googled & RTFM'd both the CVSNT manual as well as the Wiki and 
>> its gotten me to this point (which is pretty far, actually). Any help 
>> would be appreciated.
>>
>> Thanks!
>> Brice Ruth
>>
>> p.s. Here's my xinetd conf for cvspserver
>> # default: off
>> # description: The CVS pserver protocol allows remote access to a CVS \
>> #              repository.
>> service cvspserver
>> {
>>        socket_type             = stream
>>        wait                    = no
>>        user                    = root
>>        group                   = cvsgroup
>>        log_type                = FILE /var/log/cvspserver
>>        server                  = /usr/bin/cvs
>>        server_args             = pserver
>>        log_on_success  += HOST DURATION
>>        log_on_failure  += HOST USERID
>>        disable                 = no
>>        port                    = 2401
>>        only_from               = 10.5.0.0/16
>> }
>>
>> And here's my /etc/cvsnt/PServer file (abbreviated):
>> Repository0=/cvs/repo/java
>> Repository1=/cvs/repo/sites
>> NoReverseDns=0
>> LockServer=localhost:2402
>> FakeUnixCvs=0
>>

-- 
Brice Ruth, Sr. IT Analyst
Fiskars Brands Inc
http://www.fiskarsbrands.com/

More information about the cvsnt mailing list