[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem in configuring cvs_acls on cvs-1.11.17 on Centos 4.0 with Pserve

From: ankush grover
Subject: Problem in configuring cvs_acls on cvs-1.11.17 on Centos 4.0 with Pserver protocol
Date: Thu, 21 Sep 2006 09:41:23 +0530

hey friends,

I am trying to configure cvs_acls so that I can restrict the
commiting of files from certain users. Presently I am using pserver
protocol in my company. The cvs version is 1.11.17 on Centos 4.0 and I
have set setguid on the repositories.

One of the repository is /opt/test. I followed the steps given in the
cvs_acls file which was there in the contrib folder.

contents of the cvs_acl file

To use this program as I intended, do the following four things:
# 0. Install PERL.  :-)
# 1. Put one line, as the *only* non-comment line, in your commitinfo file:
#       DEFAULT         /usr/local/bin/cvs_acls
# 2. Install this file as /usr/local/bin/cvs_acls and make it executable.
# 3. Create a file named CVSROOT/avail and optionally add it to
#    CVSROOT/checkoutlist and check it in.  See the CVS manual's
#    administrative files section about checkoutlist.  Typically:
#    $ cvs checkout CVSROOT
#    $ cd CVSROOT
#    [ create the avail file ]
#    [ add avail to checkoutlist ]
#    $ cvs add avail
#    $ cvs commit -m 'Added avail for use with cvs_acls.' avail checkoutlist
# ==== FORMAT OF THE avail FILE:
# The avail file determines whether you may commit files.  It contains lines
# read from top to bottom, keeping track of a single "bit".  The "bit"
# defaults to "on".  It can be turned "off" by "unavail" lines and "on" by
# "avail" lines.  ==> Last one counts.
# Any line not beginning with "avail" or "unavail" is ignored.
# Lines beginning with "avail" or "unavail" are assumed to be '|'-separated
# triples: (All spaces and tabs are ignored in a line.)
# {avail.*,unavail.*} [|user,user,... [|repos,repos,... [|branch,branch,...]]]
#    1. String starting with "avail" or "unavail".
#    2. Optional, comma-separated list of usernames.
#    3. Optional, comma-separated list of repository pathnames.
#       These are pathnames relative to $CVSROOT.  They can be directories or
#       filenames.  A directory name allows access to all files and
#       directories below it.
#    4. Optional, comma-separated list of branch tags.

Below is the configuration which I have done

contents of avail file

unavail                 ;; Make whole repository unavailable.
avail|agrover               ;; Except for user "agrover".

contents of checkoutlist file

/opt/test/CVSROOT/avail "you cannot checkout the files"

contents of  commitinfo file

DEFAULT         /usr/local/bin/cvs_acls  (this file is there in
/usr/local/bin directory)

But still the user agrover was able to commit the file after making
changes. The module was checkout after cvs_acl configuration was done.

I want to restrict some of the users from commiting to the
repositories, creating or working on branches. One more thing I would
like to know is it possible to give access read only or no access to a
particular file or to a particular folder or to a particular module
for a particular user or for some users through cvs_acl even though
the user or users are part of the group on which setguid is set.

Please let me know if you need any further inputs.

Thanks & Regards

Ankush Grover

reply via email to

[Prev in Thread] Current Thread [Next in Thread]