[cvsnt] Re: CVSNT not enforcing read-only ACL

dzielke at aep.com dzielke at aep.com
Wed Jul 6 18:28:33 BST 2005


The first thing you need to do in setting up ACLs is to do a cvs chown and
give yourself ownership.  Then run cvs chacl for the permissions you want,
then run it again for each user/group.  Then, last, run it again with no
user and turn off access for everyone not specified explicitly.

Thanks,
Don Zielke
American Electric Power
Direct (614) 583-6337
Audinet 8-220-6337
Email dzielke (at) aep.com
---
KForce Professional Staffing
501 W. Schrock Road Suite 207
Westerville, OH 43081




Gerhard Fiedler <lists at connectionbrazil.com>
Sent by: cvsnt-bounces at cvsnt.org
07/03/2005 01:49 PM

 
        To:     cvsnt at cvsnt.org
        cc: 
        Subject:        [cvsnt] Re: CVSNT not enforcing read-only ACL


Marco Rinaudo wrote:

> Now let's check that my ACLs are set as I was expecting:
> 
> ------------------------
> [root at power test]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs lsacl mymodule
> Directory: mymodule
> Owner: MyLogin
> 
> user=myuser
>         read
> [root at power test]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs rlsacl mymodule
> Directory: mymodule
> Owner: MyLogin
> 
> user=myuser
>         read
> ----------------------------------------
> 
> I eventually managed to successfully set "read" rights for the user named
> myuser under the module named mymodule.
> I am now expecting that myuser is not able to WRITE under mymodule, she is
> supposed to be ONLY able to read not to write. Am I wrong?

I'm not sure, but I think you have to /remove/ the write permission. AFAIK
it's granted by default, so the only thing you've done with this is to add
an explicit read permission to the default read/write permission.

I guess what people do who want to have only explicit rights in their
repositories is to issue a deny everything command for everybody on the
root directory, which then makes the default to be all denied. Then you
enable explicitly the rights you want to give, on the individual modules.

Or you start out with everything granted (the default), and only deny
specific rights to specific users or groups.

Gerhard