[Techtalk] CVS question
Conor Daly
c.daly at met.ie
Fri Nov 25 23:18:36 EST 2005
On Fri, Nov 25, 2005 at 06:00:28PM +-1100 or thereabouts, Kathryn Andersen wrote:
> On Fri, Nov 25, 2005 at 05:25:24PM +-1100, Mary wrote:
> >
> > I think the problem is that she wants to block write access to the
> > *entire* repository for one user, rather than wanting to grant access
> > differently to different parts of the repository.
>
> According to
> http://cvsbook.red-bean.com/cvsbook.html#The%20Password-Authenticating%20Server
> it does sound like it would be possible to do, though, if
> (a) one made a new "I can-write-to-cvs" user (who can't log in
> in the ordinary way)
> (b) changed all the permissions in the repository to be for that user
> (c) added entries for all legal users to the CVSROOT/passwd file
> and alias them to the special cvs user
We are running a pserver setup here. The file CVSROOT/writers contains the
list of users who are allowed change things. The file CVSROOT/readers
contains the list of users who are allowed to read stuff. Our users
authenticate against the machine's /etc/passwd so there's no CVSROOT/passwd
file to administer.
> On the other hand... perhaps it may be solveable with the solution
> suggested earlier: to make a special "cvs" group and change the
> permissions on the repository to be group-write for only that group,
> and make sure that the "general" user isn't a member of that group.
> Because pserver allows access to the repository with the permissions
> of the user that that person is cvs-login logged in as, that should
> work in denying write permission.
To guarantee that one user will be able to update files generated by another
user, the cvs repository directory is owned by a defined group (cli-devel in
our case). The directory is sgid that group with
chmod g+-s /sources/cvs
drwxrws--- 31 dba cli_devel 4096 Sep 27 14:40 cvs
This will ensure that any files/directories created will belong to group
cli-devel. Users with modification rights must have membership of group
cli-devel (this does not need to be their primary group).
Any new module created by a user will be owned by that user and will be of
group cli-devel and will be modifiable by any other authorised user. If a
user wishes to create a private module, they must chgroup the directory to
their private group or remove group write permissions.
I've used Jenn's "Essential CVS" for my config...
> I'll have to talk to the admin person about that.
Get personal ownership of the cvs repository from the admin and start
hacking!!
More info if required....
Conor
--
Conor Daly, Please avoid sending me
Met Eireann, Glasnevin Hill, Word or PowerPoint attachments.
Dublin 9, Ireland http://www.fsf.org/philosophy/no-word-attachments.html
Ph +-3531 8064276 Fax +-3531 8064247
*********************************************************************************
This e-mail and any files transmitted with it are confidential and intended solely for the addressee. If you have received this email in error please notify the sender.
This e-mail message has also been scanned for the presence of computer viruses.
T+AOE an r+AO0-omhphost seo, agus aon chomhad at+AOE nasctha leis, faoi r+APo-n agus is don t+AOk a seoladh chuige amh+AOE-in +AOk. M+AOE tharla go bhfuair t+APo an r+AO0-omhphost seo tr+AO0 dhearmad cuir in i+APo-l don t+AOk a sheol +AOk led+IBk thoil.
T+AOE an teachtaireacht r+AO0-omhphoist seo scuabtha le bogearra+AO0 frithv+AO0-reas.
********************************************************************************
More information about the Techtalk
mailing list