Matthias Friebe wrote: > > Hey folks, > > I was unsuccessfully checking several CVS documentation for user > permissions in CVS. > > What we want to do is give explicit read permissions to users for > files/directories. By default a user should have no read or write access > to files/directories unless we specify that they do. I don't know if > this is possible with using the ssh option because I think they assume > that the user with ssh access can already access the files on the > machine depending on the local file permissions. Is there another way to > do this without manually changing all the local file permissions for > each files/directories, because that is tedious, not flexible and it is > not working properly. The reason is that when someone is committing > files, he is changing the user and group permissions of the files in the > repository! > > Any help is highly appreciated. > > -Matt If you want to give someone read access, but not write access, remove their ability to write to the $CVSROOT directories and give them the capability to write in the LockDir defined in CVSROOT/config . https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_2.html#SEC13 https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_2.html#SEC17 https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_18.html#SEC182
If you do not want them to even have read access, then they must not have read or write access to the _DIRECTORY_. that is, as you indicated above if they can get to it with their ssh access then they can get to it with CVS. (there are a couple of things that make it so CVS has might have less access than their ssh, but if you look at it from the ssh perspective you will only wonder why they don't have access instead of answering "why DID they have access"). Let me repeat, to be clear, CVS uses the permissions on the _DIRECTORY_ to control access for reading, it also uses the DIRECTORY permissions for writing but those permissions may be tailored down a little more using the cvs_acls script (look in the contrib directory). LockDir can be used to open up read permissions some. https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_2.html#SEC17 https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_18.html#SEC182 Note the cvs-1.11.19 manual is out, but I had these links handy from last week. -- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter _______________________________________________ Info-cvs mailing list [email protected] http://lists.gnu.org/mailman/listinfo/info-cvs
