Rafael Sanz wrote:
>
> Thanks Peter and Arthur.
>
> The contrib scripts are not enough because they only restrict commits
> (currently, I've resolved this with a perl script hook at commitinfo and
> taginfo events).
>

Gross permissions with cvs (not sure about CVSNT under windows) are done at the filesystem level, i.e., either you can read from the project repo or not depending on the filesystem permissions.
Writing to the repo is controlled also by the filesystem permissions, but can have further fine grained control using cvs_acls scripts.

If you are using pserver the reader/writer set performs much the same gross permissions as the filesystem permissions, but should be backed up by the filesystem permissions, because the filesystem permissions are more sure to work if the person is logging in with an operating system login instead of a pserver password.

If you are really concerned about security and segregating your users, be aware pserver has not had a great track record (in the last couple of years at least), check the archives of this list for more info
http://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=pserver+security&submit=Search%21&idxname=info-cvs&max=20&result=normal&sort=date%3Alate

> The only way that I found is using the SO groups and users, which is similar in
> CVSNT if I understand well. But I don't understand how chacl works exactly:
>

Please clarify what you mean by SO groups... I do not immediately recognize the acronym.
http://www.acronymfinder.com/af-query.asp?String=exact&Acronym=so&Find=Find
Do you mean Italian for Operating System? (Assuming you do for this email)

> -change the SO permission of repository file?

Not files, directories. cvs_acls may allow per file.

>
> -Are the permissions stored somewhere? (I understand it is in the SO
> repository file attribute, then how is the branch controlled?)

for cvs_acls[2] it is in cvsacl file, read the "Admin Setup" section of
https://ccvs.cvshome.org/source/browse/ccvs/contrib/cvs_acls.in?rev=1.5&content-type=text/vnd.viewcvs-markup

>
> -And my Achilles heel, does chacl close the read permission for specific
> files/directories?
>
> I'm reading this manual http://www.cvsnt.org/wiki/SetAcl but I don't
> understand completely the differences in ACL control between CVS and CVSNT
> (except native commands to do it in CVSNT)
>
> Currently I manage a CVS server on Solaris and the security rules of SO
> administrators are in conflict to grant access over modify users/groups, if
> I must change to cvsnt it is a valid option but I need to understand the gains of
> this, because the mechanism in CVSNT (if I understand well) has the same
> problem.

What conflict do they really have? Do they not want to maintain the file, or is it that they do not want to let you maintain it?
If it is they don't want to maintain it, someone should remind them it is their job to support the users (either they make changes or allow you to), if it is that they don't want to let you change the file (directly) I can understand their perspective as an admin myself, but they must choose one of the two update methods and go forward.

For my building, the task (or project) lead identifies the people working for him/her and notifies the admin group who they want in the unix group file for their project, the admin makes the change and then the task lead uses the unix group for their repository.
For my building this has always been enough, i.e., we have not had to use cvs_acls and the like.

>
> Some other link that could clarify this for me?
>

If someone's user id & group id does not have read access to the repo directories, then they can't read the data from cvs.
see:
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_2.html#SEC13
Look for LockDir in the next one
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_18.html#SEC182

> Thanks in advance, again.
>
> -----Original Message-----
> From: Arthur Barrett [mailto:[EMAIL PROTECTED]

<SNIP>
<pointed out some ACL stuff is already integrated in CVSNT>

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Rafael Sanz
> Sent: Friday, 14 January 2005 2:31 AM
> To: info-cvs@gnu.org
> Subject: ACL status
>
> Hello, I need to extend my cvs server with fine grain of Access Control
> Level (beyond writers or readers files native in standard CVS).
>
> I've found some references to patches at C code
> (http://www.unixgods.org/~tilo/CVS_ACL/), but none is standard...
>
> What is the development status of ACL in cvs server for UNIX?? Is it in
> progress?
> Nothing about?
>
> Whatever, some better link to ACL solutions that deal with read
> restriction
> for files or directories?
>
> Thanks in advance.
>

--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

_______________________________________________
Info-cvs mailing list
Info-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/info-cvs
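
The directory-level read restriction described in the reply above, as an added example that is not part of the original message: an audit for repository directories still open to "other", and a helper that hands one project tree to a Unix group. The function names and the one-directory-per-project layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed (constructed) layout: $CVSROOT/<project>/...,
# with one Unix group per project, as described in the reply above.

# exposed_dirs ROOT
# Print every directory under ROOT that grants any permission bit to "other",
# i.e. directories a user outside the owner and group may be able to enter or list.
exposed_dirs() {
    find "$1" -type d \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# restrict_project PROJECT_DIR GROUP
# Hand a project tree to GROUP and close its directories to everyone else.
# Mode 2770: rwx for owner and group, nothing for other; the setgid bit makes
# new files and subdirectories inherit GROUP. Only directories are changed,
# since a directory that cannot be entered hides everything beneath it.
restrict_project() {
    chgrp -R "$2" "$1" || return 1
    find "$1" -type d -exec chmod 2770 {} + || return 1
}

# Stand-alone use: audit the repository given as the first argument.
if [ "$#" -ge 1 ]; then
    exposed_dirs "$1"
fi
```

Run the audit again after each membership change; an empty result means no project directory is reachable by accounts outside its owner and group.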