[cvsnt] problem with acl inheritence... cvsnt server or tortoise tag command interpretation?

Mike Wake mike.wake at thales-tts.com
Fri Jul 29 13:40:21 BST 2005 

Hi all cvs ACL users + Tony,

Can anyone tell me if this is a cvsnt (2.0.58d) server acl inheritance 
problem or a problem of how Tortoise interprets how I wish to tag 
something.  My guess is the latter but I thought I'd ask here first 
since to my knowledge ACL functionality is not exposed in TortoseCVS 1.8.18

Scenario.
Just say I have a repository on a server called /Repos and in that 
repository I have some top level directories that contain the products 
of 2 teams.

The repository structure might look something like this.

/Department/TeamRed/Prod_A
/Department/TeamRed/Prod_B
/Department/TeamRed/Prod_C

/Department/TeamBlue/Prod_D
/Department/TeamBlue/Prod_E
/Department/TeamBlue/Prod_F

And say that there are 3 types of user of this repository.
mike = admin - that can do anything.
dave = TeamRed developer - can do anything in Team Red.
pete = TeamBlue developer - can do anything in Team Blue.

In the interest of open source everyone can read each others source.

To set this up I(mike) setup my CVSROOT and do a checkout to get the 
entire repository structure and contents and then set ownership and acls.

cvs co Department

cd Department
cvs chown mike
cvs chacl -u mike -a read,write,create,tag,control
cvs chacl -a read,nowrite,notag,nocreate,nocontrol

cd TeamRed
cvs chown mike
cvs chacl -u dave -a read,write,create,tag,control

cd ../TeamBlue
cvs chown mike
cvs chacl -u pete -a read,write,create,tag,control

....

Now lets say that dave who is a TeamRed developer does a checkout of 
/Department/TeamRed/Prod_A. ie he sets up a sandbox and his CVSROOT and 
does.

cvs co Department/TeamRed/Prod_A

And now he wants to tag Prod_A
so on the command line he might do something like
cd Department/TeamRed/Prod_A
cvs tag -- Prod_A_20050729_v1_03_r1_release
Which he has the acl permission to do and so it works.  This is Fine.

...

But the command line is hard, and he things WinCVS is hard as well, so 
he tries to do the same thing with Tortoise.

He navigates to the Department/TeamRed/Prod_A directory, does a right 
click and chooses CVS->Tag and enters in the tag name.

Tortoise interprets this to mean
"C:\Program Files\TortoiseCVS\cvs.exe" "-q" "tag" "-c" 
"Prod_A_20050729_v1_03_r1_release" "TeamRed/Prod_A"
CVSROOT=:sspi:dave at cvsserver:/Repos

cvs server: User 'dave' cannot tag /Repos/Department
cvs [server aborted]: correct the above errors first!

Error, CVS operation failed


Which I interpret to mean that Tortoise changed directory back to 
Department and then has attempted to run the tag operation on 
TeamRed/Prod_A.  The server says, rightly so, that dave does not have 
the rights to do a tag on this directory.
BUT if the server looked a little closer he does have the rights to do 
so on Department/TeamRed/Prod_A directory which is what is being asked for.

My Questions are
1.)Should cvsnt be able to interpret the meaning of the TortoiseCVS tag 
command?

2.)Does the current release of cvsnt also have this problem?( I know I 
should have already found out, I know I really need to upgrade, One more 
nail in the coffin for 2.0.58d)

3.)Or should Tortoise be changed to more accurately reflect what is 
being asked of it so that inheritable ACLs like that described above 
will work properly.

Cheers
Mikew.



cannot do a tag from this directory  from a directory that dave has a 
notag acl

More information about the cvsnt mailing list