[cvsnt] Re: chacl problem configuring access to individual files

Tony Hoyle tony.hoyle at march-hare.com
Fri Apr 28 15:09:33 BST 2006


Oliver Koltermann wrote:

> "For a user to have access to a directory, they must have at least
> read access to all the directories above it. If a user has a 'no
> access' ACL on a parent directory they cannot be granted access to
> directories below it."
> 
> I assume the same is true for the write access right.
> 
>
Ultimately everything in both cvs and cvsnt is directory based - this 
has implications for any ACL implementation... for a commit to succeed 
on a file it must also succeed on its containing directory.

That means that file ACLs can only remove privileges that exist in the 
containing directory.. they can never add new ones.

The use of a file ACL is largely limited to the lockdown of single files 
so they can be only updated by a limited number of people.  Even then in 
most cases a separate directory will be easier to manage.

Tony



More information about the cvsnt mailing list