Re: Group permissions to branches
You can't really do this with the CVSROOT/passwd file. But if you are primarily concerned about who can commit to Branch A and Branch B (as opposed to checkout), you can implement that using CVSROOT/commitinfo. (I answered a similar request earlier, and discounted the option of using an alternate directory for lock files. This is one of the primary reasons why. You cannot use unix permissions to govern which branch a user can work on, which is a fundamental need in my experience. I believe this is the only mechanism in CVS for this.) Your commitinfo script can examing the CVS/Tag file. It's the trunk (mainline) if it doesn't exist, or doesn't have "T" as the first character in it, otherwise the branch name follows the "T". It is more work, but also more technically correct to examine the tag value in the CVS/Entries or CVS/Entries.Log file for each file being committed instead, since it is possible for a user to update a file from a different branch into her tree and commit it. The CVS/Tag doesn't necessarily reflect the branch of every file in the directory. An additional thing I check that all the files being committed are in the same branch, since committing to two different branches at once is almost always a result of user error, and it can be painful to correct. I figure they can commit twice if that is their intent. Once you know the branch of the file, you can check that the user is allowed to commit to that branch using a database of your own design (could be as simple as a text file with usernames for each branch). Just make sure that when your commitinfo scripts disallow a commit, they print a very clear error message to STDOUT. This will save you and your cvs users a lot of guesswork later. -Brian On Tue, Apr 09, 2002 at 12:33:07PM -0400, Danial Islam wrote: > I'm not sure if I posted this already, but here goes again: > > In my repository I have set up a main trunk with two branches coming out > of it, e.g. Branch A and > Branch B.Is it possible to restrict Branch A to a certain group of > users, and Branch B to another group of users? How would this be done > in UNIX? > > How would I modify the CVSROOT/passwd file to accomodate this? Right now > my passwd file currently has [unix ID]:[encoded password] for each user. > > Any help would really, really be appreciated! > > > Danial. > > > ___ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Group permissions to branches
Thanks a lot for the reply. Yes, I did notice the CVS/Tag file before, and I wrote a simple shell script with commitinfo and checkoutlist. But you are right that CVS/Entries should be checked instead. I don't know how to do this with a shell script, and I don't know Perl either. Here is my shell script, attached. Perhaps you know how I can fix it up, or maybe I can have a look at your code? Danial. Brian Poynor wrote: > You can't really do this with the CVSROOT/passwd file. But if you are > primarily concerned about who can commit to Branch A and Branch B (as > opposed to checkout), you can implement that using CVSROOT/commitinfo. > > (I answered a similar request earlier, and discounted the option of > using an alternate directory for lock files. This is one of the > primary reasons why. You cannot use unix permissions to govern which > branch a user can work on, which is a fundamental need in my > experience. I believe this is the only mechanism in CVS for this.) > > Your commitinfo script can examing the CVS/Tag file. It's the trunk > (mainline) if it doesn't exist, or doesn't have "T" as the first > character in it, otherwise the branch name follows the "T". It is more > work, but also more technically correct to examine the tag value in > the CVS/Entries or CVS/Entries.Log file for each file being committed > instead, since it is possible for a user to update a file from a > different branch into her tree and commit it. The CVS/Tag doesn't > necessarily reflect the branch of every file in the directory. > > An additional thing I check that all the files being committed are in > the same branch, since committing to two different branches at once is > almost always a result of user error, and it can be painful to > correct. I figure they can commit twice if that is their intent. > > Once you know the branch of the file, you can check that the user is > allowed to commit to that branch using a database of your own design > (could be as simple as a text file with usernames for each branch). > > Just make sure that when your commitinfo scripts disallow a commit, > they print a very clear error message to STDOUT. This will save you > and your cvs users a lot of guesswork later. > > -Brian > > On Tue, Apr 09, 2002 at 12:33:07PM -0400, Danial Islam wrote: > > I'm not sure if I posted this already, but here goes again: > > > > In my repository I have set up a main trunk with two branches coming out > > of it, e.g. Branch A and > > Branch B.Is it possible to restrict Branch A to a certain group of > > users, and Branch B to another group of users? How would this be done > > in UNIX? > > > > How would I modify the CVSROOT/passwd file to accomodate this? Right now > > my passwd file currently has [unix ID]:[encoded password] for each user. > > > > Any help would really, really be appreciated! > > > > > > Danial. > > > > > > ___ > > Info-cvs mailing list > > [EMAIL PROTECTED] > > http://mail.gnu.org/mailman/listinfo/info-cvs > > ___ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs Checkin.csh Description: C-Shell script
Re: Group permissions to branches
On Tue, Apr 09, 2002 at 05:19:58PM -0400, Danial Islam wrote:
> Thanks a lot for the reply. Yes, I did notice the CVS/Tag file before, and I
> wrote a simple shell script with commitinfo and checkoutlist. But you are
> right that CVS/Entries should be checked instead. I don't know how to do
> this with a shell script, and I don't know Perl either.
It takes a lot of work to do in shell, but fairly easy in Perl. Might
be worth your time learning Perl or Python, if you do this sort of
thing much.
> Here is my shell script, attached. Perhaps you know how I can fix it up, or
> maybe I can have a look at your code?
In Perl, you can do something like (extracted from a much more
complicated script, not tested as-is):
# read the entries branch info into a hash
foreach $entries ("CVS/Entries", "CVS/Entries.Log") {
if (open FILE, $entries) {
while () {
chop;
($file, $branch) = (split '/')[1,5];
$branch = 'Trunk' unless $branch =~ s/^T//;
$branches{$file} = $branch;
}
close FILE;
}
}
# use the branch of the first committed file as a reference
# make sure all files are on the same branch
# given: @files is a list of files being committed in this dir
$branch = $branches{shift @files};
foreach (@files) {
if ($branches{$_} ne $branch) {
print STDERR
"\n",
"You must commit to a single branch in each commit.\n",
"Attempt to commit to both $branch and $branches{$_}\n\n";
exit 1;
}
}
# check if the user is able to commit to this branch
# keep a list of usernames in a file named "$CVSROOT/writers-$branch"
if (open FILE, "$ENV{CVSROOT}/writers-$branch") {
$user = getpwuid $<;
$found = 0;
while () {
/^$user\b/o and found = 1, last;
}
close FILE;
unless ($found) {
if ($branch eq "Trunk") {
print STDERR
"\n",
"You are not allowed to commit to the Trunk\n\n";
} else {
print STDERR
"\n",
"You are not allowed to commit to branch $branch\n\n";
}
exit 1;
}
}
Hope this helps.
-Brian
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Group permissions to branches
Dear Brian,HiSorry i am asking a question regarding a little old thread on mailing list. Can u please explain why u r not recomending to use a option of using an alternate directory for lock files, specially in this case. Regards, shakeel Brian Poynor wrote: [EMAIL PROTECTED]"> You can't really do this with the CVSROOT/passwd file. But if you areprimarily concerned about who can commit to Branch A and Branch B (asopposed to checkout), you can implement that using CVSROOT/commitinfo.(I answered a similar request earlier, and discounted the option ofusing an alternate directory for lock files. This is one of theprimary reasons why. You cannot use unix permissions to govern whichbranch a user can work on, which is a fundamental need in myexperience. I believe this is the only mechanism in CVS for this.)Your commitinfo script can examing the CVS/Tag file. It's the trunk(mainline) if it doesn't exist, or doesn't have "T" as the firstcharacter in it, otherwise the branch name follows the "T". It is morework, but also more technically correct to examine the tag value inthe CVS/Entries or CVS/Entries.Log file for each file being committedinstead, since it is possible for a user to u pdate a file from adifferent branch into her tree and commit it. The CVS/Tag doesn'tnecessarily reflect the branch of every file in the directory.An additional thing I check that all the files being committed are inthe same branch, since committing to two different branches at once isalmost always a result of user error, and it can be painful tocorrect. I figure they can commit twice if that is their intent.Once you know the branch of the file, you can check that the user isallowed to commit to that branch using a database of your own design (could be as simple as a text file with usernames for each branch).Just make sure that when your commitinfo scripts disallow a commit,they print a very clear error message to STDOUT. This will save youand your cvs users a lot of guesswork later.-BrianOn Tue, Apr 09, 2002 at 12:33:07PM -0400, Danial Islam wrote: I'm not sure if I posted this already, but here goes again:In my repository I have set up a main trunk with two branches coming outof it, e.g. Branch A andBranch B.Is it possible to restrict Branch A to a certain group ofusers, and Branch B to another group of users? How would this be donein UNIX?How would I modify the CVSROOT/passwd file to accomodate this? Right nowmy passwd file currently has [unix ID]:[encoded password] for each user.Any help would really, really be appreciated!Danial.___Info-cvs mailing list[EMAIL PROTECTED]http://mail.gnu.org/mailman/listinfo/info-cvs ___Info-cvs mailing list[EMAIL PROTECTED]http://mail.gnu.org/mailman/listinfo/info-cvs --
Re: Group permissions to branches
I'm not saying that you should not use a separate lock directory, just that it won't help you solve this problem. You cannot control access to branches using unix permissions, since the same RCS files contains all the branches. Users need write permission to the directories to commit to any branch. -Brian On Mon, Apr 29, 2002 at 07:17:26PM +0500, Muhammad Shakeel wrote: > Dear Brian, > Hi > > Sorry i am asking a question regarding a little old thread on mailing list. Can u >please explain why u r not recomending to use a option of using an alternate >directory for lock files, specially in this case. > > Regards, > shakeel > > > Brian Poynor wrote: > > >You can't really do this with the CVSROOT/passwd file. But if you are > >primarily concerned about who can commit to Branch A and Branch B (as > >opposed to checkout), you can implement that using CVSROOT/commitinfo. > > > >(I answered a similar request earlier, and discounted the option of > >using an alternate directory for lock files. This is one of the > >primary reasons why. You cannot use unix permissions to govern which > >branch a user can work on, which is a fundamental need in my > >experience. I believe this is the only mechanism in CVS for this.) > > > >Your commitinfo script can examing the CVS/Tag file. It's the trunk > >(mainline) if it doesn't exist, or doesn't have "T" as the first > >character in it, otherwise the branch name follows the "T". It is more > >work, but also more technically correct to examine the tag value in > >the CVS/Entries or CVS/Entries.Log file for each file being committed > >instead, since it is possible for a user to update a file from a > >different branch into her tree and commit it. The CVS/Tag doesn't > >necessarily reflect the branch of every file in the directory. > > > >An additional thing I check that all the files being committed are in > >the same branch, since committing to two different branches at once is > >almost always a result of user error, and it can be painful to > >correct. I figure they can commit twice if that is their intent. > > > >Once you know the branch of the file, you can check that the user is > >allowed to commit to that branch using a database of your own design > >(could be as simple as a text file with usernames for each branch). > > > >Just make sure that when your commitinfo scripts disallow a commit, > >they print a very clear error message to STDOUT. This will save you > >and your cvs users a lot of guesswork later. > > > >-Brian > > > >On Tue, Apr 09, 2002 at 12:33:07PM -0400, Danial Islam wrote: > > > >>I'm not sure if I posted this already, but here goes again: > >> > >>In my repository I have set up a main trunk with two branches coming out > >>of it, e.g. Branch A and > >>Branch B.Is it possible to restrict Branch A to a certain group of > >>users, and Branch B to another group of users? How would this be done > >>in UNIX? > >> > >>How would I modify the CVSROOT/passwd file to accomodate this? Right now > >>my passwd file currently has [unix ID]:[encoded password] for each user. > >> > >>Any help would really, really be appreciated! > >> > >> > >>Danial. > >> > >> > >>___ > >>Info-cvs mailing list > >>[EMAIL PROTECTED] > >>http://mail.gnu.org/mailman/listinfo/info-cvs > >> > > > >___ > >Info-cvs mailing list > >[EMAIL PROTECTED] > >http://mail.gnu.org/mailman/listinfo/info-cvs > > > > -- > > ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
