[cvsnt] some ACL questions (trying to set file access permissions...)

[Rogier Eijkelhof]

Hi everybody,

I'm trying to limit the access to certain files for some users, but didn't 
succeed so far.

First I tried on the following on the server (in some dir within the 
repository): cvs chacl -u john -a nowrite bla.h
Hoping this would allow john to checkout/update "bla.h" but not commit it.

(first got an error about CVSROOT not being set - I never did any cvs 
things on the server yet, only created a repository there using the gui and 
used TortoiseCvs on client machines...)
Then it said:

>cvs chacl: in directory .:
>cvs [chacl aborted]: CVS directory without administration files 
>present.  Cannot continue until this directory is deleted or renamed.

When I tried "cvs lsacl", same thing. Is changing ACL stuff not supposed to 
happen on the server?

I also tried on a client PC (where I use the cvs account "rogier"), and it 
seemed to work now, when doing "cvs lsacl" afterwards I get this:

>Directory: .
>Owner: peter
>
><default>
>         read
>         write
>         create
>         tag
>File: bla.h
>
>user=john
>         write(deny)

However... john can still commit changes to bla.h :(

Since all cvs users in our repository map to the same single Windows guest 
account on the server ("CvsDummyUser"), I though maybe the rights refer to 
real windows users rather than the 'virtual' cvs users in the passwd file.. 
so I did the same chacl command with CvsDummyUser instead of "john", but 
still no difference.

On the server, the cvs\fileattr.xml file looked ok though (see also lsacl 
result above which seemed all right)

Two questions:

- What am I doing wrong? :)
- Isn't it scary that clients can change the ACL rights, i.e. what prevents 
a user from increasing his own rights to certain files?

Thanks a lot,
Rogier