Hi
I've been trying to migrate our cvs repository from an old sun server to a new
redhat server. The project was on hold for a while and I'm resuming again and
have couple of questions. CVS was installed on the new RHLE server, a test
tarball of the old(existing) repository was initialized, and configured and I
can access it via the pserver method from my windows client machine using
Wincvs or cvs command line, and do commits, etc.
Our repository is located at /cvs with 3 main directories underneath it, each
representing an intra-department in our group. I would like each dept to have
r/w access to their own directory but read-only access to the other 2
directories as well. And I came across this example or excerpt from the CVS
manual which I think needs a bit more explanation as I find it a bit ambiguous,
see below. I tested this feature or set up and I can login as a user mapping
to cvs-foo and check out cvs-foo folder but can't see the cvs-bar folder and
vice versa. How can I fine tune this set up so cvs-foo users can have r/o
access to cvs-bar folder? If I implement the below method, which group should
own CVSROOT? And should anyone be added to the readers/writers files? Thanks
for your help and time.
----Excerpt----
"Suppose you want to grant some remote developers access to project foo, and
others access to project bar, and you don't want developers from one project to
have commit access to the other. You can accomplish this by creating
project-specific user accounts and groups on the system and then mapping to
those accounts in the CVSROOT/passwd file.
Here's the relevant excerpt from /etc/passwd
cvs-foo:*:600:600:Public CVS Account for Project
Foo:/usr/local/cvs:/bin/false
cvs-bar:*:601:601:Public CVS Account for Project
Bar:/usr/local/cvs:/bin/false
and from /etc/group
cvs-foo:*:600:cvs-foo
cvs-bar:*:601:cvs-bar
and, finally, CVSROOT/passwd:
kcunderh:rKa5jzULzmhOo:cvs-foo
jmankoff:tGX1fS8sun6rY:cvs-foo
brebard:cAXVPNZN6uFH2:cvs-foo
xwang:qp5lsf7nzRzfs:cvs-foo
dstone:JDNNF6HeX/yLw:cvs-bar
twp:glUHEM8KhcbO6:cvs-bar
ffranklin:cG6/6yXbS9BHI:cvs-bar
yyang:YoEqcCeCUq1vQ:cvs-bar
Some of the CVS usernames map onto the system user account cvs-foo and some
onto cvs-bar. Because CVS runs under the user ID of the system account, you
just have to make sure that the relevant parts of the repository are writeable
only by the appropriate users and groups. If you just make sure that the user
accounts are locked down pretty tight (no valid login password, /bin/false as
the shell), then this system is reasonably secure (but see later in this
chapter about CVSROOT permissions!). Also, CVS does record changes and log
messages under the CVS username, not the system username, so you can still tell
who is responsible for a given change."
----End of Excerpt----
_________________________________________________________________
Rediscover HotmailĀ®: Now available on your iPhone or BlackBerry
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009
