[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: differenting cvs users privileges

From: Mark
Subject: Re: differenting cvs users privileges
Date: Sat, 23 Jun 2001 18:32:10 -0700 (PDT)

Hi, Imre. I setting up something pretty similar to what you looking to do.

--- Imre Oolberg <address@hidden> wrote:
> What i have in mind is a sinlge repository, accessable over pserver and
> CVS users are not native UNIX users. Under the repository i plan to set up
> several cataloges ie projects and i want to restrict access to certain
> projects only to certain CVS users.

> So i though, i define separate modules according to a projects and
> 'somewhere' show what CVS user is permitted to deal with which module. I
> think it doesnt need to be more grained like to provide some users read-only
> and
> other read-write access. Just access vs no-access.
> But i couldnt figure out where is that 'somewhere' :(

If you want multiple projects in one repository while controling access on the
project level, you will have to have a different group for each project
directory structure. Either the user's unix id has to be in the proper group
for the project (pserver as root), or the cvs pseudo user has to be in the
proper group for the project (pserver as non-root). Since your users won't all
have unix ids, you will need a psudeo user for each project, and map the user
to the proper psuedo user in CVSROOT/passwd. I prefered not to have to worry
about maintaining a psudeo cvs account per project, so I went with your
approach below.

> Other possibility, i guess its the way i need to go is to create for each
> project separate repository. But at some point inside the repository my
> appear the need to differentiate the users anyway. So this is temporary
> solution.

Here you can have one non-root cvs psuedo user to run the cvs pserver. Here you
can have one group to own all repositories (no users should be in that group,
of course). This means even a user happens to be on the server, the user must
connect via pserver. Have one passwd file be the master, have all other
CVSROOT/passwd files symlink to it. Create a writers file in each repository to
control access to each repository.

> In addition there was warning that inetd.conf allows its lines to be fixed
> length and it might be a problem with multiple repositories. I need to
> check it out on my system which is slackware current but may become any
> linux if it needs to)

I have tested up to 30 cvsroot --allow-root options in a pserver call. I don't
think there is a limit to the number of --allow-root options. Of course I don't
use the standard CVS manual inetd.conf line. I have a c program in inetd.conf,
call it pcvs, that dynamically reads a config file for a list of cvsroots, then
calls pserver as per CVS manual. I run it on solaris, you should be able to set
it up on linx also. It propably doesn't have to be a c program, a perl script
might work also.

Hope something here helps.

\==\  Mark O'Brien
\==\  CM Consultant
\==\  address@hidden

Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail

reply via email to

[Prev in Thread] Current Thread [Next in Thread]