[Techtalk] CVS question

Conor Daly c.daly at met.ie
Fri Nov 25 23:18:36 EST 2005


On Fri, Nov 25, 2005 at 06:00:28PM +1100 or thereabouts, Kathryn Andersen wrote:
> On Fri, Nov 25, 2005 at 05:25:24PM +1100, Mary wrote:
> > 
> > I think the problem is that she wants to block write access to the
> > *entire* repository for one user, rather than wanting to grant access
> > differently to different parts of the repository.
> 
> According to
> http://cvsbook.red-bean.com/cvsbook.html#The%20Password-Authenticating%20Server
> it does sound like it would be possible to do, though, if
> (a) one made a new "I can-write-to-cvs" user (who can't log in
> in the ordinary way)
> (b) changed all the permissions in the repository to be for that user
> (c) added entries for all legal users to the CVSROOT/passwd file
> and alias them to the special cvs user

We are running a pserver setup here.  The file CVSROOT/writers contains the
list of users who are allowed change things.  The file CVSROOT/readers
contains the list of users who are allowed to read stuff.  Our users
authenticate against the machine's /etc/passwd so there's no CVSROOT/passwd
file to administer.
 
> On the other hand... perhaps it may be solveable with the solution
> suggested earlier: to make a special "cvs" group and change the
> permissions on the repository to be group-write for only that group,
> and make sure that the "general" user isn't a member of that group.
> Because pserver allows access to the repository with the permissions
> of the user that that person is cvs-login logged in as, that should
> work in denying write permission.

To guarantee that one user will be able to update files generated by another
user, the cvs repository directory is owned by a defined group (cli-devel in
our case).  The directory is sgid that group with 

chmod g+s /sources/cvs

drwxrws---   31 dba      cli_devel     4096 Sep 27 14:40 cvs

This will ensure that any files/directories created will belong to group
cli-devel.  Users with modification rights must have membership of group
cli-devel (this does not need to be their primary group).  

Any new module created by a user will be owned by that user and will be of
group cli-devel and will be modifiable by any other authorised user.  If a
user wishes to create a private module, they must chgroup the directory to
their private group or remove group write permissions.
 
I've used Jenn's "Essential CVS" for my config...

> I'll have to talk to the admin person about that.

Get personal ownership of the cvs repository from the admin and start
hacking!!

More info if required....

Conor
-- 
Conor Daly,                   Please avoid sending me 
Met Eireann, Glasnevin Hill,  Word or PowerPoint attachments.
Dublin 9, Ireland             http://www.fsf.org/philosophy/no-word-attachments.html
Ph +3531 8064276 Fax +3531 8064247
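
Added example, not part of Conor's message or his configuration: a shell sketch that checks a repository against the layout described above (setgid directories, one owning group, no access for "other") and reports what pserver would grant a user from CVSROOT/readers and CVSROOT/writers, following the CVS manual's rule that a user listed in readers is read-only even if also listed in writers. The function names, and the path and user in the usage comment, are assumptions.

```shell
#!/bin/sh
# Added example; repository path, group and user names are placeholders.

# effective_access REPO USER
# Prints the access pserver grants USER according to CVSROOT/readers and
# CVSROOT/writers: listed in readers -> read-only (even if also in writers);
# writers exists and USER is absent from it -> read-only; else read-write.
effective_access() {
    repo=$1; user=$2
    if [ -f "$repo/CVSROOT/readers" ] &&
       grep -qxF -- "$user" "$repo/CVSROOT/readers"; then
        echo read-only; return 0
    fi
    if [ -f "$repo/CVSROOT/writers" ] &&
       ! grep -qxF -- "$user" "$repo/CVSROOT/writers"; then
        echo read-only; return 0
    fi
    echo read-write
}

# audit_repo REPO GROUP
# Prints one finding per line and returns 1 if anything deviates from the
# drwxrws--- layout: directories without setgid, entries owned by another
# group, or entries that grant any permission to "other".
audit_repo() {
    repo=$1; group=$2
    findings=$(
        find "$repo" -type d ! -perm -2000 | sed 's/^/no-setgid /'
        find "$repo" ! -group "$group" | sed 's/^/wrong-group /'
        find "$repo" ! -type l \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
            sed 's/^/other-access /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_repo /sources/cvs cli_devel
#        effective_access /sources/cvs someuser
```

A module directory that a user deliberately made private will show up as a finding; that is expected and should be reviewed rather than "fixed".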



