[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: setting up a read only group along with the normal dev. group

From: Greg A. Woods
Subject: Re: setting up a read only group along with the normal dev. group
Date: Thu, 6 Sep 2001 21:17:25 -0400 (EDT)

[ On Thursday, September 6, 2001 at 14:44:15 (-0400), Jones, Lee (Lee) wrote: ]
> Subject: setting up a read only group along with the normal dev. group
> The manual says that all directories must have write permissions for whoever
> needs to checkout from the repository so that CVS can create the temporary
> lock files.  It also said that the files themselves should be read only.  It
> just doesn't seem possible to have one group with read/write permissions and
> one with read-only on the same repository if the only file permission you
> need to change/update a file in the repository is read.  

The first trick you need to know is that CVS (like RCS) actually
modifies the file by creating a temporary copy of it.  This means that
the write permissions on files, and indeed even their ownerships, are
irrlevant w.r.t. the ability to "change" the file (i.e. commit, tag,
etc.).  All a committer needs is read access to the file.  It also means
that it is the permissions on the directories which govern who can
change files.  With write permission on a directory you can create a new
file in that directory and you can remove the old one.

(Note this is really basic unix permissions stuff -- if you're still
wanting more explanation I'd suggest reading a good tutorial on Unix
filesystem permissions and their implications.)

The other trick to know is that CVS creates lock directories in the
repository directories while it's accessing the ,v files.  This means
that to allow read-only access to a CVS repository you have to either
tell CVS to create its access locks in another place where the read-only
users also have write access (with the CVSROOT/config option "LockDir"),
or tell it not to create locks at all for read-only users (there's a
nifty patch available from the NetBSD pkgsrc system which implements
this feature).  Note that latter option means that a read-only operation
could end up with inconsistent results, but presumably for read-only
access that's not as huge a problem, especially if you're aware of the

                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>     <address@hidden>
Planix, Inc. <address@hidden>;   Secrets of the Weird <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]