[cvsnt] Restriction top-level module creation

[Rahul Bhargava]

Mark Johnson wrote:
> I'm running CVSNT 2.5.02 (Servlan) Build 2064 on Redhat linux.  I am
> also using acl's to control access permissions.  There is one thing I
> cannot figure out though, how can I restrict the creation of new,
> top-level modules.   Since there is no "CVS" directory at the top
> level, I cannot use an acl.  The group permissions, on the repository
> directory, are set to sticky, so that group permissions and ownership
> will persist as new items are created.   The group perms are "rwx".  I
> have not tried changing the repository directory permission to "r_x",
> then setting each module directory...as it is created to "rwx",
> possibly this is the answer.
>
> Is there a cvs setting to control this?
>   

Hi Mark -

Since you are importing a directory/module under the cvsroot you 
obviously don't
want to give write access to the entire cvsroot. With the cvsnt chacl 
model you
can not create an acl on a module that doesn't yet exist. For example :

$ cvsnt rchacl -a write newmod1
cvs rchacl: cannot find module `newmod1' - ignored

The WANdisco for CVSNT Enterprise Edition allows you to do that 
precisely. WANdisco
security database maintains a logical ACL associations, so even when the 
module has not been physically created you can setup an access rule in 
advance.  So w/o opening the entire cvsroot for importing
arbitrary modules you are able to say who can create new modules in a 
cvsroot. By who I mean
any principal - user/group. You can setup security policies to span 
multiple CVSROOTs also.

For more information please take a look at -
http://www.wandisco.com/php/product_detail.php?lname=cvsnt
http://www.wandisco.com/techpubs/cvsmanual/node16.html

Regards,
Rahul
> Thanks,
>
> Mark
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>
>