[cvsnt] Restriction top-level module creation

Arthur Barrett arthur.barrett at march-hare.com
Thu Feb 16 06:00:07 GMT 2006


Rahul,

>is your personal opinion, 

Ahh yes, but since Tony has been moderator ever since the project began, his opinion is very important.

>Ok so if the admin wants to set an ACL so that specific 
>users or groups can only create specific modules on the 
>root and not wily nilly  import arbitrary module how can 
>they do that  ?  

There is no (popular) system that I know of that implements ACL's that way.  Show me the MS Windows ACL that allows me to create directories named FRED, but not ones named MARY?  Or on Linux, or on Solaris, or on OS/400.  If the admin wants a user only to be able to create directories named FRED, the admin makes the directory FRED for the user - as Flávio pointed out.  The pre-existance of a directory does not prevent import.

CVSNT ACL's are fine grained - you can set an ACL on the smallest object in the repository - a branch of a file, or you can use course grained ACL's on entire files, directories, or a combination, eg: directory/branch.  

Finally if you want to disallow users to ever create directories/files beginning with the letters A or F you can write a very simple trigger to do so.

I do not consider that suggesting that another (non-GPL) tool is required to achieve any of this is contributing to the project.

>My post was simply talking about a more sophisticated 
>access control mechanism than supported by CVSNT acl 
>model that may not be interesting 
>to you but CVSNT users may find it useful.

If you think that this sort of ACL is useful then please start a thread with an appropriate subject to discuss it, not tag onto an unrelated thread.  If there are other users who require ACL's on directories or files that do not (yet) exist in the repository, then we would be happy to consider adding it for the next release.

Regards,


Arthur Barrett




More information about the cvsnt mailing list