[cvsnt] Re: ACL questions (again)

Tony Hoyle tony.hoyle at march-hare.com
Fri Nov 25 10:45:14 GMT 2005 

Gerhard Fiedler wrote:
> First comment is that the form the parameters get passed to the command
> doesn't lend itself well to routing calls to cvs through a batch file. The
> batch file interprets the comma (as in "-a read,write") as parameter
> separator and passes this on with a space (as in "-a read write"). Not sure
> that is relevant for many, but it's for me... 

What kind of batch file?  AFAIK cmd.exe doesn't behave like this.

> Secondly I have a question about the recursiveness. The manual says that
> the ACLs are recursive; that is, the effective permissions in a given
> directory are the overlay of all permissions set in all parent directories.
> Yet it seems that the command (r)lsacl returns only the permissions set for
> the particular directory it gets called for (that is in essence a subset of
> the contents of a single fileattr.xml). Is there a way to retrieve the
> /effective/ permissions on a given module? Or do I always have to run
> (r)lsacl on the module and all parent modules and perform the overlay
> manually?

Pretty much, but then it's never going to be complex normally.. you 
might have a global setting at the root, then one per module.  Less 
often directories within that would have special ACLs.. even then that's 
only 3 layers.

> Third: are there default, overriding ACLs for administrators? Or do I have
> to add them? (I have set all to "none" in the root, and then allow
> individually the modules.)

Administrators always have control access, but obey all other ACLs.

> Fourth: Many (if not all) files/directories don't have an owner now (at
> least that's what lsacl says at first). They seem to get associated to me
> as owner, e.g. after I change the ACLs on them (again according to lsacl).
> Is that something I should be concerned about?

Owners are a bit of a hangover from the old code...  An owner is a local 
administrator for that directory (so can modify the ACLs for it) - 
nothing that can't be done manually with standard ACLs now.

Owners are set by chown/rchown, and automatically by add/import.

Tony

More information about the cvsnt mailing list