info-cvs

Re: pserver user id's


From: Julian Opificius
Subject: Re: pserver user id's
Date: Thu, 07 Jul 2005 08:25:52 -0500
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

foomonkey wrote:
Hello. I have a repository configured and working with pserver. I want
to restrict users' permissions on subdirectories in the repository. I
don't want user A to see user B's projects and vice versa.

In my $CVSROOT/CVSROOT/passwd file, I have something like:

divap:YBGW948yOKKSA:cvsadm

divap is a user on the system. The user id under which CVS runs is
'cvsadm'. In $CVSROOT, I have a subdirectory that looks like this:

drwxrws--x   3 divap    dhdev           512 Jul 06 17:16 divap/

This all works fine except that, the pserver user divap can read ALL
the projects in all the other subdirectories because on the server, he
is actually running as cvsadm (see the passwd file entry above).

If I change the passwd file to look like this:

divap:YBGW948yOKKSA:divap

I get an error when I try to run a 'checkout' on a project in the divap
directory that says:

cvs [checkout aborted]: unrecognized auth response from cae1axp1:
setgroups: Not owner

I don't want everyone to run as the administrator account (cvsadm) and
the docs seem to indicate that they can run as themselves (their shell
accounts) but I get the above error.

Any help would be GREATLY appreciated.

Andrew

Obviously "divap" does not have write access to the repository structure.
In my pserver setup, the repository directories & files are owned "cvs:cvs", and my users run "<username>:<password>:cvs". My admin users DON'T have the ":cvs" part at the end, but instead are members of the Linux group "cvsadmin", who are granted access automatically (I'm not sure if it's by pserver or by CVS itself).
Note: I am told it is ill-advised to use admin accounts for regular use.

To get back to the original requirement (restricting access on a per-project basis), I believe that CVS/pserver does not conveniently support the granularity of access you require.

julian.
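
An added example, not part of either post and not CVS's own code: a small audit of the `login:hash:system_user` mapping discussed above, showing which pserver logins share one system account and which repository directories that account can read. The logins `userb` and `userc`, the second directory, and the group memberships are constructed assumptions; only the `divap` line and directory mode follow the post.

```python
from collections import defaultdict

# Constructed sample in the page's login:hash:system_user layout.
# Hashes are placeholders; userb and userc are hypothetical logins.
SAMPLE_PASSWD = """\
divap:HASH_PLACEHOLDER:cvsadm
userb:HASH_PLACEHOLDER:cvsadm
userc:HASH_PLACEHOLDER
"""
# Constructed metadata: directory -> (owner, group, mode). Only the divap
# entry mirrors the listing in the post (drwxrws--x divap dhdev).
SAMPLE_DIRS = {"divap": ("divap", "dhdev", 0o2771),
               "userb": ("userb", "dhdev", 0o2770)}
# Assumed group membership of the system accounts.
SAMPLE_GROUPS = {"cvsadm": {"cvsadm", "dhdev"}, "userc": {"userc"}}


def parse_passwd(text):
    """Return [(login, system_user)]; system_user defaults to the login."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if not fields[0]:
            continue  # blank line
        run_as = fields[2] if len(fields) > 2 and fields[2] else fields[0]
        entries.append((fields[0], run_as))
    return entries


def shared_accounts(text):
    """System accounts that more than one pserver login runs as."""
    by_account = defaultdict(list)
    for login, run_as in parse_passwd(text):
        by_account[run_as].append(login)
    return {a: sorted(l) for a, l in by_account.items() if len(l) > 1}


def listable_dirs(text, dirs, groups):
    """Per login, the directories its system account can read and enter."""
    result = {}
    for login, run_as in parse_passwd(text):
        member = groups.get(run_as, set())
        seen = []
        for name, (owner, group, mode) in sorted(dirs.items()):
            # Unix applies exactly one permission class: owner, group, other.
            shift = 6 if run_as == owner else 3 if group in member else 0
            if (mode >> shift) & 0o5 == 0o5:  # needs both r and x
                seen.append(name)
        result[login] = seen
    return result
```

With the sample data, both logins mapped to `cvsadm` get the same directory list, which is the situation the original question describes.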



