[cvsnt] CVSNT Security using NTFS questions

Morris, Jason jason.morris at intel.com
Wed Nov 12 18:16:14 GMT 2003


Thanks for the info...let me chew on this a little bit.

Another question I have is what if you have conflicting privileges
granted between NTFS and the writers file...which permissions will CVS
use?

Say UserA has RO NTFS permission on a module, however UserA is listed in
the writers file...will UserA be allowed to commit?  How about vice
versa?

Jason 

-----Original Message-----
From: Glen Starrett [mailto:grstarrett at cox.net] 
Sent: Wednesday, November 12, 2003 10:43 AM
To: Morris, Jason; cvsnt at cvsnt.org
Subject: RE: [cvsnt] CVSNT Security using NTFS questions

> Will adding users to the 'writers' file inside of the CVSROOT module 
> give those users (listed in the file) commit privileges to ALL modules

> in the repository?

Yes

> By using the 'writers' file, can I specify module level security?

No, but you can use ACL's within CVS.

> Assume the following...
> 
> - I executed Glen's script
> - I HAVE NOT added the 'admin' and/or 'writers' files under the 
> CVSROOT module
> - Have changed Glen's CVSUser group to be Everyone account
> 
> After reading the permissions set up by the script, my repositories 
> will allow Everyone to update and commit files to any module except 
> for the CVSROOT module.  Am I reading this correctly?

Yes, assuming you mean 'writers' is not present.  The mere presence of
'writers' means that all people who can commit need to be listed in
there.

> I read the different NTFS Privileges as...
> 
> If UserA has Full Control privileges on a file/module, then they have 
> checkout, update and commit access to the module/file
> 
> If UserB only has Read privileges, then UserB can checkout and update 
> the file, but cannot commit the file.
> 
> Is there a difference between Modify privileges and Full Control 
> privileges in relation to CVSNT security?

CVSNT doesn't modify files--it does a full replace on files that it
updates to keep the changes atomic and avoid corruption if something
should happen to/on the server while CVSNT is trying to perform it's
operations.


Glen Starrett




More information about the cvsnt mailing list