Re: Preventing Read Access to a File

[laura . gurtler]

Jack,

Out of the box, these products do not allow finer control at the file
level. One can use the 'reader/'writer' file in CVS to control the
access to a module. However, this use only provide what your underlying
OS security level provides. One can only control the module level
access but not underlying directory/file level (because of group level
permission on the module level).

We faced the same problem that you are facing. We did not find a clean
solution with any of these product util now. Currently we are
evaluating WANDisco's product that allows active-active replication (as
we are a multi-site company) and provide ACL layer on top of CVS, CVSNT
and Subverion. Our requirement was with CVS only so we are evaluating
this product only. We did not have to change anything in CVS and the
user experience has not changed. However, we can control the
module/access to a directory/file level and grant no-access/read/write
permission. The user authentication is still done by the underlying
operating system but the access to a module/directory/file is done by
WANDisco before the the command is passed to CVS server. We have seen
performance improvements over the WAN for repository access due to
their underlying replication.

I can provide you more details as we are almost done with the
evaluation and ready to submit my report to my management.

-- Laura