[cvsnt] permission control on CVSROOT in CVSNT 2.0.58d

Lu Sun lsun91125 at yahoo.com
Fri Dec 3 16:27:40 GMT 2004 

I test installed CVSNT on two XP Pro machines that
belong to the same domain. The client machine also has
TortoiseCVS GUI installed. The server and the client
communicates through SSPI. In CVSROOT/config file,
"SystemAuth=no". The users list is in the
CVSROOT/passwd file with password field empty. This
way I have control who can use the repository and
domain users don't need to supply a password (am I
right?).

Here are the few questions I have:
1. When I first checked out CVSROOT, I did not see
these four files: admin, passwd, owner, perm. I had to
set SystemAuth to yes to have admin right and
add/remove users. Before knowing that the passwd file
is auto generated by this, I manually created the
passwd and admin files on the client and did a CVS add
and commit with TortoiseCVS. But the two files did not
appear on the server. Server has the auto-generated
passwd file (I know because the passwd file I manually
created was in the wrong format). I then manually
created an admin file on the server in the CVSROOT
direcotry directly - this is not the right way, but
other than CVS add and commit, I don't know what else
to do. My questions are what's the correct procedure
to create the admin file? How do I specify a list of
files in CVSROOT so that users can only check out
certain files?
2. Since I don't know how to control what's checked
out or not in CVSROOT, the config file is always
checked out. The passwd and admin files are always
not. On the server, the CVSROOT directory is set full
permission to the CVSUsers group. Then everyone in
this group can check out and change the "config" file,
although not listed in "admin", they could change
"SystemAuth" to "yes" and become admin. I tested with
changing the CVSROOT directory permission on the
server to read only to CVSUsers group, now users
cannot change the "config" file, when modifying files
in other modules, there's a waring from the server:
"cannot write to history file
C:/cvsrepo/CVSROOT/history: Permission denied". I also
read in a document that users need write permission to
the "taginfo" file as well, but I don't see this
warning, is it changed in 2.0.58d? If I cannot control
what files should be checked out or not, is there any
way for me to specify the correct permission at file
level? My basic test failed with turning permissions
on individule files.
3. I then tried to play with chacl, but CVSROOT/owner
and perm files are not automatically generated for me,
what's the right format for them? What's the right
procedure to create them? Can I solve my previous
problem through these files? I tried "cvs chacl
default:no", I got error from server: "nothing known
about default:no". How do I set default permission to
no and only admin have rwc?

Thanks,

Lu 


		
__________________________________ 
Do you Yahoo!? 
Read only the mail you want - Yahoo! Mail SpamGuard. 
http://promotions.yahoo.com/new_mail

More information about the cvsnt mailing list