Re: CVS Permissions

info-cvs
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS Permissions

From:	Noel L Yap
Subject:	Re: CVS Permissions
Date:	Tue, 21 Nov 2000 21:07:14 -0500
I wound up using file system ACLs (man setfacl or man getfacl for more info).

The gist of CVS permissions are:
   Those that need checkout privileges need read permissions on the archive
   files and the directories and read/write permissions in LockDir.
   Those that need checkin privileges need read permissions on the archive files
   and read/write permissions in $CVSROOT and LockDir.

Since a brand new archive file is created each time a file is checked in, the
ACLs must be maintained upon each checkin.  Following is the loginfo script will
have archive files and new directories inherit (with some changes) the ACLs of
their parent directory:
#!/usr/local/bin/perl


#
# This script:
# 0. maintains the ACLs of repository archive files and directories
#
# Notes:
# 0. needs %{sv} specified in loginfo
#
# Contributed by Noel Yap (address@hidden)

# perl settings
$"=""; # set list separator to null

# constants

$STATE_NONE     = 0;
$STATE_MODIFIED = 1;
$STATE_ADDED    = 2;
$STATE_REMOVED  = 3;
$STATE_LOG      = 4;

$CVSROOT = $ENV{"CVSROOT"};
$CVSROOT =~ s/^.*://;

# subroutines
sub setacl
{
    my ($parent, $entry) = @_;

    if(-d "$entry")
    {
        system("getfacl $parent | grep -v '^default:' | setfacl -f - $entry");
    }
    elsif(-x "$entry")
    {
        system("getfacl $parent | grep -v '^default:' | sed -e 's/:r[-w][-x]/:r-
x/' | setfacl -f - $entry");
    }
    else
    {
        system("getfacl $parent | grep -v '^default:' | sed -e 's/:r[-w][-x]/:r-
-/' | setfacl -f - $entry");
    }
}

# main
# parse command line arguments (file list is seen as one arg)
@argv = split(/ /, shift @ARGV);
$directory = shift @argv; # directory relative to $CVSROOT

foreach $v (@argv)
{
    my ($file, $rev) = split /,/, $v;

    if($file eq "-")
    {
        my ($word1, $rev) = split /,/, $argv[1];

        if($word1 eq "New")
        {
            my ($word2, $rev) = split /,/, $argv[2];

            if($word2 eq "directory") # new directory
            {
                ($file = $directory) =~ s/.*\///; # new directory name without
path specification
                $directory =~ s/(.*)\/.*/$1/; # path specification of new
directory relative to module

                &setacl("$CVSROOT/$directory", "$CVSROOT/$directory/$file");
            }
        }
        elsif($word1 eq "Imported")
        {
            my ($word2, $rev) = split /,/, $argv[2];

            if($word2 eq "sources") # import
            {
                my @directories;
                my @files;

                while(<STDIN>)
                {
                    chop;

                    if(/^Status:/)
                    {
                        $state = $STATE_NONE;

                        next;
                    }
                    elsif(/^Release Tags:/)
                    {
                        $state = $STATE_ADDED;

                        next;
                    }
                    elsif(/^Log Message:/)
                    {
                        $state = $STATE_LOG;

                        next;
                    }

                    if($state == $STATE_ADDED)
                    {
                        if(/^N /)
                        {
                            $file = $';

                            push @files, "$file ";
                        }
                    }
                }

                foreach $directory (`echo "@files" | xargs -n1 dirname | uniq`)
                {
                    chop $directory;

                    &setacl("$CVSROOT", "$CVSROOT/$directory");
                }

                foreach $file (@files)
                {
                    chop $file;

                    &setacl("$CVSROOT", "$CVSROOT/$file,v");
                }
            }
        }

        last;
    }
    else # the file has been added, modified, or removed
    {
        if(-f "$CVSROOT/$directory/$file,v")
        {
            &setacl("$CVSROOT/$directory", "$CVSROOT/$directory/$file,v");
        }
        else
        {
            &setacl("$CVSROOT/$directory", "$CVSROOT/$directory/Attic/$file,v");
        }
    }
}

Hope this helps,
Noel




address@hidden on 2000.11.21 17:27:26

To:   address@hidden
cc:
Subject:  CVS Permissions




You posted a message pertaining to CVS permissions on the CVS newsgroup
awhile back.  You said you were replanning your usage of them.  Could I ask
what conclusions you came to?  We are attempting to use CVS for development
and are having problems with this.  We want an easy way to manage
permissions on a per-module basis but have yet to find one.





This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
[Prev in Thread]
Current Thread
[Next in Thread]
Re: CVS Permissions, Noel L Yap <=
Prev by Date: Memory requirements
Next by Date: single-bit errors
Previous by thread: Memory requirements
Next by thread: single-bit errors
Index(es):
- Date
- Thread