Given: 1. CVS recreates (ie copies and removes) the archive file each time there is a checkin. 2. CVS, by default, creates locks within the repo directory. The location of the locks can be configured by setting LockDir within CVSROOT/config. 3. A user can create and remove files within a directory if and only if (iff) that user has write permissions to that directory. 4. A user can use a directory iff that user has execute permissions to that directory. 5. A user can modify a file iff that user has write permissions to that file.
Therefore: 1. A user will need repo file and directory read permissions to checkout/checkin a file. 2. A user will need repo directory write permissions to checkin a file. 3. It is safer if a user did not have repo file write permissions. Given: 1. Default ACLs cannot tell the difference between directories and files. 2. Repo directory permissions need to be treated differently from repo file permissions. Therefore: 1. A loginfo script will need to reset file ACLs for each commit. It will also need to set ACLs on new elements. Typically, this setting is a combination of inheritance from the parent directory for ACL users and groups and read permissions, files are never writable, files may need to be executable, and directories are always writable and executable. Noel --- Muhammad Shakeel <[EMAIL PROTECTED]> wrote: > Dear Noel yap, > AOA > > Sorry i am asking a question related to little older > thread in mailing > list. I implemeted ACL on directory level as was > suggested, and do not > implemented on files. But what is reason that it is > not recomended ? If > a user have a permission on folder but not on a > file then he cannot > checkout the code. > > Can u please also recall to tell me what is required > to do in loginfo > file in this case ? > > > Regards, > shakeel > > > Noel Yap wrote: > > >The answer is a little trickier than this, > actually. > > > >I remember having to put something in loginfo so > that > >ACLs would get properly created from the directory > >(default ACLs aren't appropriate here since you > >probably don't want the directory's execute and > write > >bits to be inherited by the files). > > > >Noel > >--- gabriel rosenkoetter <[EMAIL PROTECTED]> wrote: > > > >>On Thu, Apr 18, 2002 at 09:28:38PM +0500, Muhammad > >>Shakeel wrote: > >> > >>> Can i use solaris access control list ? Is cvs > >>> > >>works fine when using acl ? > >> > >>Yes. > >> > >>(Think about this logically: cvs is run as the > user > >>performing the > >>action. Therefore, it can only affect a file in a > >>given way if the > >>user has permission to do so.) > >> > >>Beware ownership changes of files, though. (And > note > >>that you > >>probably don't want to use ACLs on files anyway, > you > >>want to use > >>them on directories.) > >> > >>-- > >>gabriel rosenkoetter > >>[EMAIL PROTECTED] > >> > > > >>ATTACHMENT part 2 application/pgp-signature > >> > > > > > > > >__________________________________________________ > >Do You Yahoo!? > >Yahoo! Tax Center - online filing with TurboTax > >http://taxes.yahoo.com/ > > > >_______________________________________________ > >Info-cvs mailing list > >[EMAIL PROTECTED] > >http://mail.gnu.org/mailman/listinfo/info-cvs > > > > -- > Regards, > > Muhammad Shakeel > Streaming Networks (Pvt.) Limited > House 8, St. 31, F-7/1 > Islamabad - 44000, Pakistan > > Talk: +92-51-2823585, +92-51-2275589 > Fax: +92-51-2820832 > Email: [EMAIL PROTECTED] > Web: streaming-networks.com > > > __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs