[cvsnt] Re: chacl problem configuring access to individual files
Tony Hoyle
tony.hoyle at march-hare.com
Fri Apr 28 15:09:33 BST 2006
Oliver Koltermann wrote:
> "For a user to have access to a directory, they must have at least
> read access to all the directories above it. If a user has a 'no
> access' ACL on a parent directory they cannot be granted access to
> directories below it."
>
> I assume the same is true for the write access right.
>
>
Ultimately everything in both cvs and cvsnt is directory based - this
has implications for any ACL implementation... for a commit to succeed
on a file it must also succeed on its containing directory.
That means that file ACLs can only remove privileges that exist in the
containing directory.. they can never add new ones.
The use of a file ACL is largely limited to the lockdown of single files
so they can be only updated by a limited number of people. Even then in
most cases a separate directory will be easier to manage.
Tony
More information about the cvsnt
mailing list