[cvsnt] Re: Limiting access to CVSROOT and some CVS commands. ..

Lehman, Curtis CLehman at carrieraccess.com
Wed Aug 4 19:19:45 BST 2004


Mike,

Thanks for the detailed steps. I gave them a try and get:

cvs lsacl CVSROOT

***** CVS exited normally with code 0 *****

Directory: CVSROOT
Owner: <not set>

cvs chown clehman CVSROOT

***** CVS exited normally with code 0 *****

cvs server: User clehman does not exist

cvs lsacl CVSROOT

***** CVS exited normally with code 0 *****

Directory: CVSROOT
Owner: <not set>


my admin file has some comments at the top of the file, all the lines start
with #, and then I have clehman as the first of two entries. Since I am
using SSPI, I do not have a password file in CVSROOT. Any ideas why it says
clehman does not exist? I'm I missing a step?

Thanks,
Curtis Lehman

-----Original Message-----
From: Mike Wake [mailto:mike.wake at thales-tts.com]
Sent: Wednesday, August 04, 2004 11:51 AM
To: CLehman at carrieraccess.com
Cc: cvsnt at cvsnt.org
Subject: Re: [cvsnt] Re: Limiting access to CVSROOT and some CVS commands...

Try this.

Set the config file back to SystemAuth=Yes and relogin as a user in the
admin file. Lets say that user is called "yourAdminUser"

Then login and checkout the CVSROOT module into a sandbox
cd sandbox
cvs co CVSROOT
cd CVSROOT

Check the ACL permissions
cvs lsacl

Make sure "yourAdminUser" owns the directory
cvs chown yourAdminUser

Check again
cvs lsacl

Give yourAdminUser Read Write and Create permissions
cvs chacl yourAdminUser:rwc

Check the result
cvs lsacl

Do the same for any other user AnotherAdminUser Read Write and Create
permissions
cvs chacl yourAdminUser:rwc

Check the result
cvs lsacl


Give everyone else no permission
cvs chacl default:n

Check the result.
cvs lsacl


Ultimately the output of cvs lsacl on your CVSROOT directory should look
something like this.

Directory: .
Owner: yourAdminUser
   default:n
   yourAdminUser:rwc
   AnotherAdminUser:rwc


I did all this within the output window of my favourite GUI WinCVS.


Cheers
Mikew

Tony Hoyle wrote:

> On Wed, 4 Aug 2004 10:51:35 -0600, "Lehman, Curtis"
> <CLehman at carrieraccess.com> wrote:
>
>
>>I have been reading the news posts and tried following them to setup an
>>admin file to limit access to CVSROOT. I am using 2.0.51 of CVSNT with the
>>SSPI protocol for user login. How do I go about limiting access to CVSROOT
>>and some cvs commands like import and remove?
>
>
> You can set certain users to have read only access to the repository
> (using the readers/writers files) and using ACLs do the same for
> branches. 
>
>
>>Now no one was able to log in to CVS. They kept getting "cvs [login
>>aborted]: no such user clehman in CVSROOT/passwd". Contrary to the commit
>>above the line that states "# Set this to `no' if pserver shouldn't check
>>system users/passwords" it looks like the system is trying to access
passwd
>>file which doesn't even exists. How can I get what I want done with the
>
>
> ?? If you set SystemAuth=No and have no passwd file you've removed all
> users from the system, so of course you won't be able to log in...
>
>
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt




More information about the cvsnt mailing list