[cvsnt] Linux ACLs

[Rodre Ghorashi-Zadeh]

Hello,

In my setup I had created a user called "cvsnt" this automatically created a 
group called "cvsnt". I then and gave the cvsnt [object] administrative 
permissions on my cvsroot (ie: read,write,create,tag,control) and I assume 
that these permissions cascaded down through the modules in the root. I then 
create a user called 'mike' and made him a member of the CVSNT group. Prior 
to adding him to the group he wasn't able to even read the cvsroot, after 
adding him he was able to do everything on every module, even the CVSROOT. 
After removing him from the "cvsnt" group he again was not able to do 
anything. This tells me that cvsnt matched his access on the group 
permission.

~Rodre

>From: Tony Hoyle <tony.hoyle at march-hare.com>
>To: cvsnt at cvsnt.org
>Subject: Re: [cvsnt] Linux ACLs
>Date: Wed, 12 Sep 2007 09:15:14 +0100
>
>Rodre Ghorashi-Zadeh wrote:
> > I have figured out the problem. It has to do with the way CVSNT
> > handles users and group (it doesn't distinguish between the two) and the
> > way
> > Redhat type Linux distros create a group with the same name and GID as
> > the user,
> > by default, when adding users with the 'useradd' command. The two
> > together are a
> > bad mix.
> >
>It shouldn't matter at all.. such a group would only have one user in
>it, so it'd behave as you'd expect.  The only issue would be if you
>created a group with a large number of users in it, then created a user
>with the same name - which would be a configuration error IMO (since
>it's not unusual to treat users and groups as the same namespace..
>indeed win32 even does it at the system level).
>
>Tony
>_______________________________________________
>cvsnt mailing list
>cvsnt at cvsnt.org
>http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt

_________________________________________________________________
Enter to win a night a VIP night out at TIFF 
http://redcarpet.sympatico.msn.ca/