[cvsnt] Re: more ACLs questions
Daniel Lapolla
ldlapolla at yahoo.com
Fri Jan 13 16:49:16 GMT 2006
Hi Mark,
Please, see the answers below...
Regards
Daniel Lapolla
> 1. I notice the output of users/groups with permissions of "all" and
> "none". How is this set? I thought the only options were
> read/write/create/tag/control, and the negative of each. Are there
> global "all" and "none" options? If so, what other undocumented
> options exist?
The same way you do with read, write or etc... with "-a none" or "-a all".
But I don't know about other undocumented options and I'm curious about
it too...
>
> 2. When deleting an ACL, what defines what is to be deleted? I think
> it is the directory and the user/group combo, and this would delete
> the definition for this user/group in this directory, regardless of
> the permissions set. Is this correct? To modify an existing ACL is
> this best done by adding it again, over the top of an existing one, or
> should it be delted first?
>
Basically the triple (path, user/group, branch), but you can omit the
branch and the user depending on what acl you want to delete.
I think it would be useful to have a delete behavior that removes all
the acls regardless oft the users or branches...
There is no need to delete the acl before you modify it. When you chacl
the permission is replaced by the new one.
> 3. As documented, chacl requires both the repository and working
> directory. Why does it require the working dir? It seems to me more
> like rtag in that it needs a valid CVSROOT, and a valid module and/or
> path to a directory, but isn't that it. Maybe I'm missing something.
> I mention this because when implementing original ACLs, I found it
> awkard. I had to check out each module so that it existed locally
> before I could set the permissions. Since, as an administrator, I do
> not actually code it most of these modules, this was a pain. I also
> could not run the command on the whole repository (unless I check out
> with a top level CVS folder, and list each module name rather than a
> "."). Is this the way it is designed, or am I just doing it the
> hard way?
You may try "rchacl". It does not need a working copy to operate on,
just like rtag and other "r" commands.
More information about the cvsnt
mailing list