[cvsnt] viewvc repecting cvsnt's ACLs

Bo Berglund Bo.Berglund at system3r.se
Tue Mar 13 16:08:28 GMT 2007 

No matter how Apache authenticates the user you will not get the CVSNT ACL:s respected by ViewVC...

The reason is that once it starts it does not access the files through a regular cvs command at all, instead it parses the RCS files in a given directory all by itself. In the standard ViewVc systems with GNU CVS it does so using the old RCS tools that have been around for 10 years or so.

Since these choke on CVSNT repositories due to the extra data CVSNT stores inside the RCS files, there was a few years back added an option for ViewVC to use cvsnt as an RCS parser. So if it is configured like that it calls cvs instead, but it is not done via a cvs protocol!

The call is simply a normal process call and cvs then parses out the standard information that ViewVC cares for. 

So I think that unless there are extensions made to both ViewVC and CVSNT to use a userID as one argument to the RCS parsing and then let CVSNT decide what can be shown depening on the ACL:s, it won't work.

So then only directory/file level permissions on the file system will be possible to use.


Best regards,

Bo Berglund


-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of Jürgen Depicker
Sent: den 13 mars 2007 08:54
To: cvsnt mailing list manager
Subject: Re: [cvsnt] viewvc repecting cvsnt's ACLs

Could you please help me out on this?  I don't quite understand.  I have 
a ubuntu server, with apache running as www-data.  Is it possible to 
make apache authenticate the user, and have ti start up viewvc as the 
user who just authenticated?
Regards,
Jurgen.
> > Assuming that the CVSNT RCS wrappers respect the ACL's, it is simply a
> > matter of making ViewVC run as the authenticated user. You can create a
> > small setuid program for this.
> >
> > -Torsten
> Jürgen Depicker wrote:
> > Torsten, do you mean running the stand-alone viewvc webserver?  
> No, a standard web server.
>
> -Torsten
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>


_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt

More information about the cvsnt mailing list