[cvsnt] ACL's with Domain groups and sspi
Mark Johnson
amarkjohnson at gmail.com
Sat Sep 30 22:48:48 BST 2006
On 9/29/06, bwhicks at aep.com <bwhicks at aep.com> wrote:
>Of course, traces need to be enabled in the server or it won't work.
Thanks for the tip. Since -ttt returned a bunch of debug info, I did not
realize that I had not turned on traces on the server. I now get more debug
info, including the output below:
- "admin_rwctn_DISABLE" is in CVSROOT\group, and I (mjohnso2) am a member of
this group.
- "cvsnonet" is the user defined in the "run as user" setting, and
therefore is also a group in /etc/group, mjohnso2 is not a member of this
group.
- "cvsgroup" is a group in /etc/group, and the cvsnonet user is a member of
this group, but mjohnso2 is not.
These were the only three groups found. Other groups exist in
CVSROOT/group, and /etc/group, but neither "mjohnso2" nor "cvsnonet" are
members.
None of the many domain group that "mjohnso2" is a member were found
(including T360). Do I need to do something special to make cvsnt see the
domain groups?
16:32:48: S -> Checking admin file /cvs/testrepo/CVSROOT/admin for user
mjohnso2
16:32:48: S -> add_valid_group(admin_rwctn_DISABLE)
16:32:48: S -> add_valid_group(cvsgroup)
16:32:48: S -> add_valid_group(cvsnonet)
16:32:48: S -> cache_directory_permissions(/cvs/testrepo/majmodule)
16:32:48: S -> fileattr_read(/cvs/testrepo/majmodule)
16:32:48: S -> fileattr_read(/cvs/testrepo)
16:32:48: S -> verify_valid_name(mjohnso2)
16:32:48: S -> cache_directory_permissions(/cvs/testrepo/majmodule)
16:32:48: S -> ACL lookup on directory /cvs/testrepo/majmodule
16:32:48: S -> verify_acl(read,HEAD,(null))
16:32:48: S -> verify_valid_name(T360)
16:32:48: S -> matched ACL user=, branch=_default_, merge=
16:32:48: S -> calculated ACL priority is 0
16:32:48: S -> user_state = 0, group_state = 0
16:32:48: S -> no match at this level
16:32:48: S -> ACL lookup on directory /cvs/testrepo
16:32:48: S -> verify_acl(read,HEAD,(null))
16:32:48: S -> verify_valid_name(admin)
16:32:48: S -> matched ACL user=, branch=_default_, merge=
16:32:48: S -> calculated ACL priority is 0
16:32:48: S -> new max priority is 0
16:32:48: S -> user_state = 0, group_state = -1
cvsnt server: User mjohnso2 cannot read majmodule
cvsnt server: You do not have read privileges for this module
Thanks,
Mark Johnson
More information about the cvsnt
mailing list