
Re: Remote repository permissions best practices

From: Todd Denniston
Subject: Re: Remote repository permissions best practices
Date: Mon, 28 Mar 2005 17:07:35 -0500

"Jim.Hyslop" wrote:
> Todd Denniston wrote:
> > 1) all the users who need write access to the repository should be in the
> > same UNIX group.
> Doesn't this effectively negate any benefit of using groups? For example, in
> our setup we want full-time staff to have general access to most of the
> repository, and co-op students to have access only to those sections of the
> repository they are working on. Certain sections of the repository are
> 3rd-party sources protected by an NDA, so only specific people (including
> both full-time and possibly co-op students) have access to those sections.
> How would you accomplish this by using a single group? We can't use
> cvs_acls, because it only restricts access on check-in, not on check-out.

OK, another set of assumptions on my part:
1) each _project_ has a separate repo and any NDA stuff is kept even
separate from the other normal things.
2) you have three sets of users, a) ones who can write to the repo, b) those
who can read from the repo, and c) those who have no rights to the repo.
This is all I have had to deal with.
If I had to have a section where all my staff could read/write a section of
the repo and co-ops could read/write that section as well, I would probably
make group staff a member of group coops, and set that section of the repo
to group coops. However, I have never done it, so I would probably be wrong.
3) If I don't want someone having checkout privs then they are not in the
group for that project or the group that has write privs to the LockDir.
 Note: each project in my world has its OWN group, being in group staff gets
you VERY little.

I lead a sheltered life with an uninteresting mix of users. :)

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane) 
Harnessing the Power of Technology for the Warfighter
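
An added example, not part of the message above or of any CVS tooling: a small audit for the one-group-per-project layout the reply describes, reporting entries in a repository (or LockDir) tree that are owned by the wrong group or reachable by accounts outside it. The function name, the problem labels and the setgid check are assumptions of this sketch; run it once per tree if the repository and the LockDir use different groups.

```python
import grp
import os
import stat
import sys

def audit_tree(root, project_gid):
    """Walk root and return (path, problem) pairs that break the
    one-group-per-project scheme."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes carry no access information
            if st.st_gid != project_gid:
                # Owned by another group: project members may be locked
                # out, or members of the other group let in.
                findings.append((path, "wrong-group"))
            if st.st_mode & stat.S_IRWXO:
                # Permission bits set for "other", i.e. accounts that are
                # not in the project group.
                findings.append((path, "world-access"))
            if stat.S_ISDIR(st.st_mode):
                if not st.st_mode & stat.S_IWGRP:
                    # Group members cannot create files in this directory.
                    findings.append((path, "group-cannot-write"))
                if not st.st_mode & stat.S_ISGID:
                    # Added check (not from the message): without setgid,
                    # new entries on Linux take the creator's primary group.
                    findings.append((path, "no-setgid"))
    return findings

if __name__ == "__main__":
    # usage: audit.py PROJECT_GROUP DIR [DIR ...]
    gid = grp.getgrnam(sys.argv[1]).gr_gid
    problems = []
    for tree in sys.argv[2:]:
        problems += audit_tree(tree, gid)
    for path, problem in problems:
        print(f"{problem}\t{path}")
    sys.exit(1 if problems else 0)
```
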
