info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: .O: About access control.(use cvs_acls)

From: Mark D. Baushke
Subject: Re: .O: About access control.(use cvs_acls)
Date: Tue, 06 Dec 2005 18:40:01 -0800 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

xiangbin <address@hidden> writes:

> Mark D. Baushke wrote:
> >Alter your CVSROOT/commitinfo to use the %r/%p %s formats that are being
> >appended like this:
> >
> >  /usr/local/cvsrep/CVSROOT/commit_prep %r/%p %s
> >
> > /usr/local/cvsrep/CVSROOT/cvs_acls  -u xiangbin %r/%p %s
> >
> >and also insert the following line
> >
> > UseNewInfoFmtStrings=yes
> >
> >into your CVSROOT/config file.
> 
> Follow your advice,I altered my CVSROOT/commitinfo file:
> --------------file CVSROOT/commitinfo start ---------------------------
> ALL $CVSROOT/CVSROOT/commit_prep %r%p %s
                                   ^^^^ %r/%p
> ALL $CVSROOT/CVSROOT/cvs_acls   -d -u $USER %r%p %s
                                              ^^^^^ %r/%p
Typo. Put a '/' character between %r and %p

> ---------------file CVSROOT/commitinfo end----------------------------
> and CVSROOT/config file:
> --------------file CVSROOT/config start ---------------------------
> UseNewInfoFmtStrings=yes
> ---------------file CVSROOT/config end----------------------------
> This is what in my  CVSROOT/cvsacl file :
> --------------file CVSROOT/cvsacl start ---------------------------
> deny||CVSROOT
> allow|xiangbin|CVSROOT
> ---------------file CVSROOT/cvsacl end----------------------------
> 
> Now I checkout directory 'CVSROOT' and modified CVSROOT/cvsacl as another
> user rather than xiangbin, to my surprise,
> he can also do 'checkin' successfully.
> ----------------------------------------------------------------
> cvs -q commit -m (none) cvsacl
> Debug turned on...
> 2321 $debug flag set on.
> 2321 $arg for processArgs loop is: -u.
> 2321 client-side $userId set to: liuth.
> 2321 $arg for processArgs loop is: liuth.
> 2321 $arg for processArgs loop is: /usr/local/cvsrepCVSROOT.

You probably want to see /usr/local/cvsrep/CVSROOT here.

> 2321 $arg for processArgs loop is: cvsacl.
> 2321 processArgs returning $userId: liuth.
> 2321 @ARGV after processArgs is: /usr/local/cvsrepCVSROOT cvsacl.
> 2321 ========== Begin  for "/usr/local/cvsrepCVSROOT" repository. ==========
> 2321 @ARGV after shift processing contains:/usr/local/cvsrepCVSROOT, cvsacl.
> 2321 $cvsroot is: /usr/local/cvsrep.
> 2321 Repos: /usr/local/cvsrepCVSROOT
> 2321 ==== /usr/local/cvsrepCVSROOT/cvsacl
> 2321 File / Branch
> 2321 CVS Entry 1: cvsacl/
> 2321 ==========
> 2321 Processing 'cvsacl' line: deny||CVSROOT .
> 2321 $user_name: liuth $user_match match flag is: 1.
> 2321 Checking "fileness" or "dir-ness" for @module_list entries.
> 2321     Entries are: CVSROOT.
> 2321 In checkFileness: $reposDirName: /usr/local/cvsrep/CVSROOT;
> $reposFileName: /usr/local/cvsrep/CVSROOT,v.
> 2321 /usr/local/cvsrep/CVSROOT is a directory.
> 2321 checkFileness will return $filetype: dir.
> 2321 Checking matches for @module_list: CVSROOT.
> 2321 Is 'cvsacl': CVSROOT  pattern in: @ARGV $commit_object:
> /usr/local/cvsrepCVSROOT/cvsacl?
> 2321 @_ in checkModuleMatch is: dir /usr/local/cvsrepCVSROOT/cvsacl CVSROOT.
> 2321 Matches for: %repository_matches: .
> 2321 ==== End of processing for 'cvsacl' line: deny||CVSROOT .

This will not match because it is looking for CVSROOT. rather than CVSROOT/.
because the arguments were wrong.

> 2321 ==========
> 2321 Processing 'cvsacl' line: allow|xiangbin|CVSROOT .
> 2321 $user_name: liuth $user_match match flag is: 0.
> **** Access allowed: Sufficient authority for commit.
> 2321 ==== $exit_val = 0
> /usr/local/cvsrep/CVSROOT/cvsacl,v  <--  cvsacl
> new revision: 1.8; previous revision: 1.7
> cvs commit: Rebuilding administrative file database
> ----------------------------------------------------------------
> 
> But if I  do not have '%r%p %s' appended in CVSROOT/commitinfo,all works
> normal except than some warning messages.

Correct. The default is " %r/%p %s" which will generate a warning
message is NOT what you have provided.

> ----------------------------file CVSROOT/commitinfo
> start --------------------------------
> ALL $CVSROOT/CVSROOT/commit_prep
> ALL $CVSROOT/CVSROOT/cvs_acls   -d -u $USER
> -----------------------------file CVSROOT/commitinfo
> end -------------------------------------------
> cvs -q commit -m (none) cvsacl
> cvs commit: warning: commitinfo line contains no format strings:
>     "/usr/local/cvsrep/CVSROOT/commit_prep "
> Appending defaults (" %r/%p %s"), but please be aware that this usage is
> deprecated.
> cvs commit: warning: commitinfo line contains no format strings:
>     "/usr/local/cvsrep/CVSROOT/cvs_acls -d -u liuth "
> Appending defaults (" %r/%p %s"), but please be aware that this usage is
> deprecated.
> Debug turned on...
> 2329 $debug flag set on.
> 2329 $arg for processArgs loop is: -u.
> 2329 client-side $userId set to: liuth.
> 2329 $arg for processArgs loop is: liuth.
> 2329 $arg for processArgs loop is: /usr/local/cvsrep/CVSROOT.
> 2329 $arg for processArgs loop is: cvsacl.
> 2329 processArgs returning $userId: liuth.
> 2329 @ARGV after processArgs is: /usr/local/cvsrep/CVSROOT cvsacl.
> 2329 ========== Begin  for "/usr/local/cvsrep/CVSROOT" repository.
> ==========
> 2329 @ARGV after shift processing contains:/usr/local/cvsrep/CVSROOT,
> cvsacl.
> 2329 $cvsroot is: /usr/local/cvsrep.
> 2329 Repos: CVSROOT
> 2329 ==== CVSROOT/cvsacl
> 2329 File / Branch
> 2329 CVS Entry 1: cvsacl/
> 2329 ==========
> 2329 Processing 'cvsacl' line: deny||CVSROOT .
> 2329 $user_name: liuth $user_match match flag is: 1.
> 2329 Checking "fileness" or "dir-ness" for @module_list entries.
> 2329     Entries are: CVSROOT.
> 2329 In checkFileness: $reposDirName: /usr/local/cvsrep/CVSROOT;
> $reposFileName: /usr/local/cvsrep/CVSROOT,v.
> 2329 /usr/local/cvsrep/CVSROOT is a directory.
> 2329 checkFileness will return $filetype: dir.
> 2329 Checking matches for @module_list: CVSROOT.
> 2329 Is 'cvsacl': CVSROOT  pattern in: @ARGV $commit_object: CVSROOT/cvsacl?
> 2329 @_ in checkModuleMatch is: dir CVSROOT/cvsacl CVSROOT.
> 2329 $repository: CVSROOT matches $commit_object: CVSROOT/cvsacl.
> 2329 blank 'cvsacl' branch matches all commit files.
> 2329 $repository_matches{CVSROOT/cvsacl} = [HEAD, CVSROOT].
> 2329 Matches for: %repository_matches: CVSROOT/cvsacl.
> 2329 An "deny" match on User(s): ; Module(s): CVSROOT ; Branch(es): .
> 2329 Adding %repository_matches entry: CVSROOT/cvsacl.
> 2329 ==== End of processing for 'cvsacl' line: deny||CVSROOT .
> 2329 ==========
> 2329 Processing 'cvsacl' line: allow|xiangbin|CVSROOT .
> 2329 $user_name: liuth $user_match match flag is: 0.
> **** Access denied: Insufficient authority for user: 'liuth' to commit to
> 'CVSROOT'.
> **** Contact CVS Administrators if you require update access to these
> directories or files.
> **** file(s)/dir(s) restricted were:
>       CVSROOT/cvsacl
> 2329 restrict_log record being written: 2005/12/07 10:00:54 Commit attempt
> by: liuth for: CVSROOT/cvsacl on branch: HEAD.
>  to /usr/local/cvsrep/CVSROOT/restrict_log.
> 2329 ==== $exit_val = 1
> cvs commit: Pre-commit check failed
> cvs [commit aborted]: correct above errors first!
> ----------------------------------------------------------------------------
> ----------
> Why ?

Look VERY carefully at what you have added and what CVS is telling you
it will add.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFDlkuBCg7APGsDnFERAuzgAKCQvnTrQAD5kvp0ZAGLylrTMe4pIACgojZ4
qVQ9s2XvQb4jbV6O3fFiG7o=
=cNRp
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]