[cvsnt] Windows permission settings with SSPI

anaheim at luukku.com anaheim at luukku.com
Fri Nov 4 14:12:21 GMT 2005


I'm setting up CVSNT ( on a Windows 2003 server. The only protocol to be supported is SSPI and that how it's set up. I've setup permission to the CVS repository folder and CVSTEMP folder (both on a local NTFS disk) as described in http://www.cvsnt.org/wiki/InstallationTips chapter "4.12. Fine-tuning user access of CVS".

We're going to have different usergroups that develop different CVS modules, so each module should have restricted access for only one usergroup. Each of these usergroups belong to group "G-cvs-users-all" that has the appropriate rights to CVSROOT folder.

So I defined that module "abc" can be accessed only by group "G-abc" and module "xyz" only by group "G-xyz". When a user that belongs only to group "G-xyz" says on her client (TortoiseCVS 1.8.22):
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server

cvs server: cannot open /CVSREPO/abc/CVS/Tag: Permission denied
cvs server: cannot open abc/CVS/Tag: Permission denied
cvs [server aborted]: Couldn't open RCS file /CVSREPO/abc/.directory_history,v: Permission denied

If I give group "G-xyz" permissions to "List Folder Contents" on module "abc" it works, but still says:
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server

cvs server: cannot read /CVSREPO/abc/CVS/fileattr.xml: Permission denied

Of course it works fine, if I give also read access to group "G-xyz" on module "abc":
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server


What I'm trying to say here is that should the CVS ls command ignore the modules that the user has no rights to. Or perhaps behave like this:
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server

cvs server: No access to abc

One more thing: modules are not listed in CVSROOT/modules -file. And hopefully will not be since updating that file would be a burden for the administrators.


Luukku Plus paketilla pääset eroon tila- ja turvallisuusongelmista.
Hanki Luukku Plus ja helpotat elämääsi. http://www.mtv3.fi/luukku

More information about the cvsnt mailing list