[Cvsnt] cvsnt pserver ntfs permissions - please help

Bo Berglund bo.berglund at telia.com
Tue Jul 16 20:09:08 BST 2002


First of all:
I had not yet tested the setup you describe, namely having a module
directory on the server set to readonly for a certain user group and
then trying to import stuff into that module.

But now I have done this on my test server at my summer house:

1. I have created a few usergroups for this test:
- CVSReaders (readonly access everywhere)
- CVSUsers (normal access everywhere except to CVSROOT which is readonly)
- CVSAdmins (full control to all CVS directories)

2. I have added myself to CVSAdmins (obviously) and added one of the users
of this machine to CVSReaders.

3. I have set the repository security as follows:
c:\cvsrepo = remove security inheritance, then add the following groups
(my PC is named antares):
antares\CVSAdmins (full control)
antares\CVSUsers (full control)
antares\CVSReaders (read only)
SYSTEM (full control) - this is really important!
Remove Everyone from the list! Also very important!

4. I have created a new directory c:\cvslocks with full access for everybody

5. As myself I have checked out CVSROOT of the repository and then entered
this modification to config:
LockDir=c:/cvslocks
Then I have committed this important change, it is needed if you are to get
granular access using NTFS.

6. On a command prompt in an empty directory I have entered this:
set cvsroot=:ntserver:antares:/test
cvs passwd -a brittis
<typed her password twice>
This adds the user brittis to the passwd file which is used for pserver and
some other protocols as well.

7. Then in WinCvs I have checked out a test module ModuleA from the server
using pserver with the user account 'brittis'
This worked fine and the locks are placed in c:\cvslocks

8. Now I have created a directory with one text file in a temp location

9. Then I have navigated to ModuleA in WinCvs and activated Create/Import to
start the import process.
I have specified the import to become ModuleA\Imported

When I click OK WinCvs tries to do the import but fails with these errors:

cvs -z3 import -I ! -I CVS -m "Testar att importera till en readonly module" ModuleA/Imported Start brittis (in directory C:\test\Imported)

cvs server: cannot make path to C:/cvsrepo/test/ModuleA/Imported: Permission denied

N ModuleA/Imported/Newreadme.txt

cvs server: ERROR: cannot write file C:/cvsrepo/test/ModuleA/Imported/Newreadme.txt,v: No such file or directory

No conflicts created by this import

*****CVS exited normally with code 1*****

As you can see there are two cases of failure, one to create the new module
dir and the other to write the file.

So it all works OK as far as I can see...

/Bo

----- Original Message -----
From: "Brennan, Dennis" <DBrennan at seic.com>
To: <bo.berglund at telia.com>
Sent: Tuesday, July 16, 2002 7:38 PM
Subject: cvsnt pserver ntfs permissions - please help


> Bo,
>
> I've seen a lot of material on the web regarding cvsnt and creating fine
> grain security access with ntfs permissions.  I'm trying to set up module
> level read only access using standard windows 2000 security, but with no
> luck.  Most of the things I've read indicate it should work.
>
> Specifically I deny write access to a module for a given group but I am
> still able to import a new module connecting as a user in that group.  I'm
> using pserver with impersonation turned on (build 57f) - and yes I did make
> sure the local system account has the 'Create a token object' privilege:)
>
> Any help you could provide would be greatly appreciated.  Thanks.
>
> -Dennis
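
Added example, not part of the original message: a PowerShell sketch that applies the ACL layout from steps 3 and 4 of the reply and then audits the repository root for the two conditions the reply calls important (SYSTEM has full control, Everyone is removed). It assumes a current Windows host where `icacls` and `Get-Acl` are available (both postdate the 2002 message), local groups named as in the message, and an elevated prompt; the function name `Test-RepoAcl` is hypothetical.

```powershell
# Added example: apply the NTFS layout from steps 3 and 4, then audit it.
$repo    = 'C:\cvsrepo'
$locks   = 'C:\cvslocks'
$machine = $env:COMPUTERNAME            # "antares" in the message
$fsr     = [System.Security.AccessControl.FileSystemRights]
$sidType = [System.Security.Principal.SecurityIdentifier]

# Step 3: grant explicit rights first, then drop inherited ACEs and Everyone.
# (OI)(CI) propagates to files and subfolders. Well-known SIDs are used for
# SYSTEM (S-1-5-18) and Everyone (S-1-1-0) because their names are localized.
icacls $repo /grant:r "$machine\CVSAdmins:(OI)(CI)F"
icacls $repo /grant:r "$machine\CVSUsers:(OI)(CI)F"
icacls $repo /grant:r "$machine\CVSReaders:(OI)(CI)RX"
icacls $repo /grant:r "*S-1-5-18:(OI)(CI)F"
icacls $repo /inheritance:r
icacls $repo /remove "*S-1-1-0"

# Step 4: lock directory with full access for everybody.
New-Item -ItemType Directory -Force -Path $locks | Out-Null
icacls $locks /grant "*S-1-1-0:(OI)(CI)F"

# Audit: return a list of deviations from the layout described in step 3.
function Test-RepoAcl([string]$Path, [string]$ReaderGroup) {
    $acl       = Get-Acl -Path $Path
    $rules     = $acl.GetAccessRules($true, $true, $sidType)
    $account   = New-Object System.Security.Principal.NTAccount $ReaderGroup
    $readerSid = $account.Translate($sidType).Value
    $findings  = @()
    if (-not $acl.AreAccessRulesProtected) { $findings += 'inheritance is still enabled' }
    if ($rules | Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' }) {
        $findings += 'Everyone still has an ACE'
    }
    $systemFull = $rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-18' -and $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $fsr::FullControl) -eq $fsr::FullControl
    }
    if (-not $systemFull) { $findings += 'SYSTEM lacks full control' }
    $readerWrite = $rules | Where-Object {
        $_.IdentityReference.Value -eq $readerSid -and $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $fsr::Write) -ne 0
    }
    if ($readerWrite) { $findings += "$ReaderGroup has write rights" }
    return $findings
}

$result = Test-RepoAcl -Path $repo -ReaderGroup "$machine\CVSReaders"
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'ACL matches the described layout' }
```

The audit only inspects the repository root; the read-only CVSROOT restriction for CVSUsers mentioned in step 1 is not set or checked here.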
