[cvsnt] Linux ACLs
Rodre Ghorashi-Zadeh
rodrico7 at hotmail.com
Wed Sep 12 06:31:58 BST 2007
I have figured out the problem. It has to do with the way CVSNT
handles users and group (it doesn't distinguish between the two) and the way
Redhat type Linux distros create a group with the same name and GID as the
user,
by default, when adding users with the 'useradd' command. The two together
are a
bad mix.
~Rodre
>From: Gerhard Fiedler <lists at connectionbrazil.com>
>To: cvsnt at cvsnt.org
>Subject: Re: [cvsnt] Linux ACLs
>Date: Tue, 11 Sep 2007 15:56:27 -0300
>
>Rod Ghorashi-Zadeh wrote:
>
> > I am trying to setup a CVSNT server on Linux. I wish to use ACLs but I
> > am not having much luck implementing them. It seems that when I set the
> > AclMode=normal in CVSROOT/config it locks down the CVS tree until I add
> > the 'cvsnt' user, then the ACLs on the CVS tree become wide open for
> > subsiquent users I add to the system. I have searched around for any
> > information on implementing ACLs in a *nix environment but haven't been
> > able to find anything. What I need to figure out is how the [file]system
> > ACLs relate to the the CVSNT ACLs. Any information is much appreicated.
>
>I'm not very experienced with CVSNT on Linux, but this is what I gather
>from how CVSNT works in general.
>
>CVSNT runs as a certain user. I don't know what options you have on Linux,
>but probably it's either the user who runs the command (probably the most
>common scenario, especially with SSH type access) or a user that you have
>set up somewhere in the CVSNT config file. This user must have the
>necessary file system permissions on the repository. (In my setup on
>Windows, all CVSNT users have file system read/write access to the whole
>repo. They are members of a group, and this group has the necessary
>permissions.)
>
>On top of that, CVSNT implements its own ACLs, which of course only matter
>for access through CVSNT. The file system permissions together with the
>configuration as which user the CVSNT executable runs limit what CVSNT can
>do (which is pretty much everything in my case), but the CVSNT ACLs may
>limit further what the CVSNT user can do. That's where I determine who has
>only read-only access etc.
>
>Instead of ACLs for a single user, you can use groups. That's probably the
>more common use.
>
>In order to be able to help you, even someone with experience how to set up
>CVSNT on Linux probably needs some more info: what users and groups you
>have set up, what permissions you have on your repo files, how you have
>CVSNT configured, what CVSROOT access string you're using, just to name a
>few.
>
>Gerhard
>_______________________________________________
>cvsnt mailing list
>cvsnt at cvsnt.org
>http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
_________________________________________________________________
See Fireworks On Live Image Search
http://search.live.com/images/results.aspx?q=Fireworks&mkt=en-ca&FORM=SERNEP
More information about the cvsnt
mailing list