[cvsnt] Linux ACLs

Gerhard Fiedler lists at connectionbrazil.com
Tue Sep 11 19:56:27 BST 2007


Rod Ghorashi-Zadeh wrote:

> I am trying to setup a CVSNT server on Linux. I wish to use ACLs but I
> am not having much luck implementing them. It seems that when I set the
> AclMode=normal in CVSROOT/config it locks down the CVS tree until I add
> the 'cvsnt' user, then the ACLs on the CVS tree become wide open for
> subsiquent users I add to the system. I have searched around for any
> information on implementing ACLs in a *nix environment but haven't been
> able to find anything. What I need to figure out is how the [file]system
> ACLs relate to the the CVSNT ACLs. Any information is much appreicated.

I'm not very experienced with CVSNT on Linux, but this is what I gather
from how CVSNT works in general. 

CVSNT runs as a certain user. I don't know what options you have on Linux,
but probably it's either the user who runs the command (probably the most
common scenario, especially with SSH type access) or a user that you have
set up somewhere in the CVSNT config file. This user must have the
necessary file system permissions on the repository. (In my setup on
Windows, all CVSNT users have file system read/write access to the whole
repo. They are members of a group, and this group has the necessary
permissions.)

On top of that, CVSNT implements its own ACLs, which of course only matter
for access through CVSNT. The file system permissions together with the
configuration as which user the CVSNT executable runs limit what CVSNT can
do (which is pretty much everything in my case), but the CVSNT ACLs may
limit further what the CVSNT user can do. That's where I determine who has
only read-only access etc.

Instead of ACLs for a single user, you can use groups. That's probably the
more common use.

In order to be able to help you, even someone with experience how to set up
CVSNT on Linux probably needs some more info: what users and groups you
have set up, what permissions you have on your repo files, how you have
CVSNT configured, what CVSROOT access string you're using, just to name a
few.

Gerhard


More information about the cvsnt mailing list