[cvsnt] problem with checkout / permissions?

Gerhard Fiedler lists at connectionbrazil.com
Fri May 28 15:55:04 BST 2004


I have a system with some restricted permissions, and I'm getting this
result (using the sspi protocol with cvsnt 2.0.41a):

e:\test>cvs -t checkout Module/Test
D:\Programs\CVS\CVSNT\cvs.exe -t checkout Module/Test
  -> Tracelevel set to 1.  PID is 3992
  -> Session ID is f9840b74b8b0000
  -> main loop with CVSROOT=:sspi:user at gedesk:/projects
  -> Encryption enabled
  -> Requesting server cvsignore
  -> Requesting server cvswrappers
  -> Requesting server cvsrc (read-cvsrc2)
S -> do_module(Module/Test, Updating, , )
cvs [server aborted]: Cannot check out files into the repository itself

When I do the same as me myself, it works. But I am the admin on the
server. When I login as any of the restricted users, I get the above. The
odd thing is that it used to work; I don't know what has changed. (I did
update cvsnt on both client and server, but it's been a while since I last
tested this so I don't know whether this is related to it.)

The weird thing is that user can update a previously checked out sandbox of
the same module, he just cannot check out a new sandbox.

Needless to say that my repository is not anywhere near e:\test\. So I'm a
bit lost with that error message. A few search results seem to indicate
that it may be related to a permission issue. But it used to work... :(


Here is a quick run down on the permissions I have set on the server
(Win2k):
- RepositoryRoot: Full Control for admins, service and system only
(inherited throughout the repository)
- RepositoryRoot/CVSROOT: added Read for all other users
- RepositoryRoot/CVSROOT/history and val-tags: added Modify for all other
users
- traversal access to a module (that is if I want a user to have access to
a sub-module): add Read access for that user
- read-only access to a module: add Read and List Folder Contents access
for that user
- normal read-write access to a module: add Full Control for that user
- the temp directory is outside the repository root, and Everyone has Full
Control
- in the CVSROOT/config file I have a line with LockServer=localhost:2402
and also one with LockDir=... (also with Everyone having Full Control to
the lock dir). Do I need the LockDir entry at all, using LockServer?

This setup used to work, with only one quirk: If a user did a checkout or
update, he would see the directory contents of directories for which he
only is supposed to have traversal access. For example Module/Private and
Module/Project. Module would be set up as traversal access, Private as no
access and Project as full access. The user runs a checkout or update on
Module, and gets the error message that Private is not accessible. I'd
rather have them not even know that there is a Private in there. Anybody
knows how to do that?

I also never found a good description what the .perms files do, and how to
use them. Does anybody have a pointer to a description of them?

Sorry for the long post, but I thought that might help to see what's wrong
with my setup...

Thanks for any help,
Gerhard



More information about the cvsnt mailing list