Re: [cvsnt] Is it possible to completely lock down HEAD, but leave a BRANCH open for READ ONLY access?
Terry, Are you sure that the cannot open CVS/Entries for reading message is due to an ACL control issue, and not something with where you're trying to check out your files? -Original Message- From: cvsnt-boun...@cvsnt.org [mailto:cvsnt-boun...@cvsnt.org] On Behalf Of Terry Beavers Sent: Thursday, January 14, 2010 4:09 PM To: cvsnt@cvsnt.org Subject: Re: [cvsnt] Is it possible to completely lock down HEAD,but leave a BRANCH open for READ ONLY access? First, I apologize for the confusion, mainly mine. Second, I reset my AclMode to normal and then started fresh with new ACL's as follows, but am still unable to checkout code from the TEST_BRANCH as a guest user. acl branch=HEAD user=internal all / /acl acl branch=TEST_BRANCH read / /acl From my understanding, these ACLs should translate to the following access privileges: All users who are a member of the internal group should have full access on HEAD and a guest user (who is listed in the readers file, but is NOT a member of the internal group) should be able to checkout code from the TEST_BRANCH, but not from HEAD. The problem is that the guest user is still unable to checkout code from the TEST_BRANCH due to the following error: cvs checkout: cannot open CVS/Entries for reading: No such file or directory Again, I apologize for my confusion Arthur, but what seems to be such a simple configuration is kicking my butt and it's very frustrating. Thanks again for your patience and support, Terry ___ cvsnt mailing list cvsnt@cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/ ** MLB.com: Where Baseball is Always On ___ cvsnt mailing list cvsnt@cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/
Re: [cvsnt] Is it possible to completely lock down HEAD, but leave a BRANCH open for READ ONLY access?
Positive. And after further testing, I believe it actually has something to the WinCVS client (2.0.3.1) as I am able to successfully checkout code from the BRANCH as the guest user when using MyEclipse as my client, even when HEAD is locked down. Although I ended up having to change my AclMode to compat and adjusted ACL's accordingly to get this to work for MyEclipse, which makes sense I guess since Eclipse only supports CVS and not CVSNT. Anyway, it ended up being more important for us to have this work with MyEclipse than with WinCVS, so I think this workaround will suffice for now. Thanks for your support, Terry -Original Message- From: Risman, Mark [mailto:mark.ris...@mlb.com] Sent: Tuesday, January 19, 2010 1:12 PM To: Terry Beavers Cc: cvsnt@cvsnt.org Subject: RE: [cvsnt] Is it possible to completely lock down HEAD,but leave a BRANCH open for READ ONLY access? Terry, Are you sure that the cannot open CVS/Entries for reading message is due to an ACL control issue, and not something with where you're trying to check out your files? -Original Message- From: cvsnt-boun...@cvsnt.org [mailto:cvsnt-boun...@cvsnt.org] On Behalf Of Terry Beavers Sent: Thursday, January 14, 2010 4:09 PM To: cvsnt@cvsnt.org Subject: Re: [cvsnt] Is it possible to completely lock down HEAD,but leave a BRANCH open for READ ONLY access? First, I apologize for the confusion, mainly mine. Second, I reset my AclMode to normal and then started fresh with new ACL's as follows, but am still unable to checkout code from the TEST_BRANCH as a guest user. acl branch=HEAD user=internal all / /acl acl branch=TEST_BRANCH read / /acl From my understanding, these ACLs should translate to the following access privileges: All users who are a member of the internal group should have full access on HEAD and a guest user (who is listed in the readers file, but is NOT a member of the internal group) should be able to checkout code from the TEST_BRANCH, but not from HEAD. The problem is that the guest user is still unable to checkout code from the TEST_BRANCH due to the following error: cvs checkout: cannot open CVS/Entries for reading: No such file or directory Again, I apologize for my confusion Arthur, but what seems to be such a simple configuration is kicking my butt and it's very frustrating. Thanks again for your patience and support, Terry ___ cvsnt mailing list cvsnt@cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/ ** MLB.com: Where Baseball is Always On ___ cvsnt mailing list cvsnt@cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/
Re: [cvsnt] Is it possible to completely lock down HEAD, but leave a BRANCH open for READ ONLY access?
Terry, I am trying to completely lock down HEAD, but leave a BRANCH open for READ ONLY access using cvs chacl command, but it seems if I lock down HEAD, then my BRANCH gets locked down as well, even if I create an acl that is supposed to allow READ access on the BRANCH. For example: AclMode is set to normal in my CVSROOT config file I ran cvs chacl -R -r HEAD -a noread,nowrite,nocreate,notag,nocontrol cvs_test/ This step is unnecessary and is the cause of the problem. ACLMode=normal sets the behaviour to 'noone has access unless specifically granted access'. I ran cvs chacl -R -r TEST_BRANCH -a read,nowrite,nocreate,notag,nocontrol cvs_test/ Again - you are overdoing it, you just want to grant read access. I then tried to checkout cvs_test from the TEST_BRANCH, but it returned an error stating I cannot read cvs_test Yes all the deny rules are confusing the issue. I am running CVSNT 2.5.03 Build 2382 on Windows Server 2003 with SP2 This release is very old - 2.5.05 is currently in testing, I strongly recommend the upgrade. Regards, Arthur Barrett ___ cvsnt mailing list cvsnt@cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/
