[cvsnt] chacl not working with non-inheritable permissions.
Jurko Gospodnetiæ
mangled at to.avoid.spam
Wed Aug 16 00:06:36 BST 2006
Hi all.
I just tried using CVSNT chacl command to set up some
access control on one of our repositories and it seems that
the documented non-inheritable permission feature does not
work.
Here's an example:
1. I have a folder A and its sub-folder B.
2. I set CVSNT to deny access by default (either by setting
it in the CVSROOT/config file or by setting the default
deny rule on folder A).
3. I allow a user to read the folder A, and I set this privilege
to be non-inheritable (-n chacl option)
Now when the used checks out folder A I would like him
not to get folder B as well, but he does.
On the other hand, if I add an explicit deny rule for that user
on folder B everything works as expected and the used does
not get folder B when checking out its parent folder A.
Seems like folder B is inheriting the read access privilege
even though the privilege is set to be non-inheritable.
I checked the relevant fileattr.xml file on the server and it
says <read inherit="0" /> so CVSNT did correctly recognize
the -n chacl option.
Using client and server CVSNT 2.5.03 build 2382. Client
is on Windows XP SP2 with full updates, Server is on
Windows 2003 Server with full updates. The same behaviour
repeated with client build 2151, and server build 2260.
Anyone have any ideas on this? I would really like to allow
a user to access one folder and be able to get only the
subfolders under it that he has access to.
Best regards,
Jurko Gospodnetiæ
More information about the cvsnt
mailing list