[cvsnt] ACL problems with 2.5.01.19xx

[Jari Ahonen]

> Also I seem to have some 2.5.01.1927 specific ACL problems
> that don't happen with 2.5.01.1910. Specifically build 1927
> denies commit rights where 1910 works like it should. Same
> ACLs, in fact same repository, just changed server version.

I've now done some more testing and this problem happens with
all 2.5.01 versions > 2.5.01.1910.

I have set up a fileattr.xml file on the repository top level
($CVSROOT/CVS/fileattr.xml) that sets up default permissions
like this:
    <acl user="g-adm">
      <control />
      <create />
      <read />
      <tag />
      <write />
    </acl>
    <acl>
      <message>Only admin group has access here</message>
      <control deny="1" />
      <create deny="1" />
      <tag deny="1" />
      <write deny="1" />
    </acl>

This effectively gives group "g-adm" full rights and sets the
defaults for others to read only.

Then on the module root ($CVSROOT/module/CVS/fileattr.xml) I set
access rights for individual groups permitting access like this:
    <acl user="g-dev">
      <read />
      <write />
      <create />
      <tag />
    </acl>

This has worked OK for CVSNT versions up to and including
2.5.01.1910. With 2.5.01.1927 and above the ACL on the module
root seems to be ignored and users will get an access denied
error with the message from the top-level fileattr.xml file.

Is the behavior of build > 1927 normal or is it somehow broken ?
And if it is normal, what should I change to get back the behavior
of versions up to 2.5.01.1910 ?

- Jari