Given:
1. CVS recreates (ie copies and removes) the archive
file each time there is a checkin.
2. CVS, by default, creates locks within the repo
directory. The location of the locks can be
configured by setting LockDir within CVSROOT/config.
3. A user can create and remove files within a
directory if and only if (iff) that user has write
permissions to that directory.
4. A user can use a directory iff that user has
execute permissions to that directory.
5. A user can modify a file iff that user has write
permissions to that file.
Therefore:
1. A user will need repo file and directory read
permissions to checkout/checkin a file.
2. A user will need repo directory write permissions
to checkin a file.
3. It is safer if a user did not have repo file write
permissions.
Given:
1. Default ACLs cannot tell the difference between
directories and files.
2. Repo directory permissions need to be
treated
differently from repo file permissions.
Therefore:
1. A loginfo script will need to reset file ACLs for
each commit. It will also need to set ACLs on new
elements. Typically, this setting is a combination of
inheritance from the parent directory for ACL users
and groups and read permissions, files are never
writable, files may need to be executable, and
directories are always writable and executable.
Noel
--- Muhammad Shakeel
<address@hidden> wrote:
Dear Noel yap,
AOA
Sorry i am asking a question related to little older
thread in mailing
list. I implemeted ACL on directory level as was
suggested, and do not
implemented on files. But what is reason that it is
not recomended ? If
a user have a permission on folder but not on a
file then he cannot
checkout the code.
Can u please also recall to tell me what is required
to do in loginfo
file in this case ?
Regards,
shakeel
Noel Yap wrote:
The answer is a little trickier than this,
actually.
I remember having to put something in loginfo so
that
ACLs would get properly created from the directory
(default ACLs aren't appropriate here since you
probably don't want the directory's execute and
write
bits to be inherited by the files).
Noel
--- gabriel rosenkoetter <address@hidden> wrote:
On Thu, Apr 18, 2002 at 09:28:38PM +0500, Muhammad
Shakeel wrote:
Can i use solaris access control list ? Is cvs
works fine when using acl ?
Yes.
(Think about this logically: cvs is run as the
user
performing the
action. Therefore, it can only affect a file in a
given way if the
user has permission to do so.)
Beware ownership changes of files, though. (And
note
that you
probably don't want to use ACLs on files anyway,
you
want to use
them on directories.)
--
gabriel rosenkoetter
address@hidden
ATTACHMENT part 2 application/pgp-signature
__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/
_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs
--
Regards,
__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com
_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs