info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: set 1 file in repository to be read only

From: Tumy, Brad
Subject: RE: set 1 file in repository to be read only
Date: Sat, 7 Jun 2003 10:00:15 -0400 
Mark,

I appreciate your help with this but your last paragraph is way off base.
It's not a matter of trust...if it was we wouldn't need file system
permissions at
all.  It's a matter of protecting the users from accidentally committing the
entire 
structure and overwriting this particular file.  It's a matter of having a
good security
policy and good development policy in place and protecting files that
shouldn't be over-written.
Actually I have a very high opinion of my staff and their capabilities.  I
am trying to create an 
environment where they can complete their work successfully and not have to
continuously worry about 
overwriting files that shouldn't be overwritten.

I realize that anyone can log directly into the system and chmod the file
and do what ever they want
to it...I am not trying to prevent that.  For that matter everyone on this
team has the root password so they would be able to do that.  I am trying to
restrict writes to this file so that it's not over written "accidentally"
through CVS.

In regards to not using CVS if it can't do this one particular function...If
I followed that policy I probably wouldn't be able to use any tool because
none is perfect and none would have 100% of the capabilities that everyone
needs.  CVS is a great tool and you can't beat the price.  CVS is just one
small part of our entire development process, I don't expect it to be able
to do absolutely everything and make me a cup of coffee.  I realize that for
some things I need to go outside of the CM tool...that's why I originally
asked if setting the permissions to read only through the OS would prevent
writes through CVS.

Anyway...thanks for your insight on comittinfo.

Brad



-----Original Message-----
From: Mark D. Baushke [mailto:address@hidden
Sent: Friday, June 06, 2003 4:46 PM
To: Tumy, Brad
Cc: address@hidden
Subject: Re: set 1 file in repository to be read only 


Tumy, Brad <address@hidden> writes:

> >This is sort of an abuse of the cvs system which is intended to allow
> >users to make changes to files they checkout of the repository...
> 
> Is there a better to do this?

I am not able to think of any better way to do this.

> I want each developer to be able to have the entire project on their local
> machines so that they can test from their local install of Apache and Cold
> Fusion.  I don't want them to be able to overwrite this particular file
> though.

So, you want them to checkout the entire module or set of modules. Fine,
they can do that using cvs. If you want them to not be able to commit a
particular file, you need to instrument it with the hooks available. If
the cvs tool does not do what you need, then do not use it.

In any case, your developers could make local modifications of the file
that they do not checking to the system. Nothing prevents that at all.

Do you really have such a low opinion of your staff? Perhaps it is time
to either encourage management to hire new staff (may folks seem to be
looking for jobs in the current market), or perhaps you should consider
finding a place of employement where you can trust the staff around you
to do the right thing.

        Good luck,
        -- Mark

> Thanks,
> Brad
> 
> -----Original Message-----
> From: Mark D. Baushke [mailto:address@hidden
> Sent: Friday, June 06, 2003 4:36 PM
> To: Tumy, Brad
> Cc: address@hidden
> Subject: Re: set 1 file in repository to be read only 
> 
> 
> Tumy, Brad <address@hidden> writes:
> 
> > So what it appears I would need to do using this method is have some
sort
> of
> > regular expression search for the file name that is restricted.  If this
> > file name is found then it should return a non-zero exit status and the
> > commit on that file will fail.
> > 
> > Sounds complicated actually...maybe I am missing something.
> > 
> > Easier way?
> 
> The comminfo script is called on a particular directory given as the
> pattern, it is not file-based. The arguments typically passed to the
> script will include the name of the file and the directory in which it
> resides. Check to see if the directory matches and the name of the file
> matches and exit with a non-zero return code and the commit will not be
> allowed.
> 
> This is sort of an abuse of the cvs system which is intended to allow
> users to make changes to files they checkout of the repository...
> 
>       Good luck,
>       -- Mark
>  
> > Thanks.
> > Brad
> > 
> > -----Original Message-----
> > From: Mark D. Baushke [mailto:address@hidden
> > Sent: Friday, June 06, 2003 4:03 PM
> > To: Tumy, Brad
> > Cc: address@hidden
> > Subject: Re: set 1 file in repository to be read only 
> > 
> > 
> > Tumy, Brad <address@hidden> writes:
> > 
> > > This question is more for a sanity check then anything else.
> > > 
> > > If I want one specific file in the repository to be read-only (to all
> > > developers) then I just set the permissions on that file (through OS
> > > [Solaris]) to be read-only ...correct? 
> > 
> > No.
> >  
> > > We are developing a web-application in Cold Fusion and I want to lock
> down
> > > the top Application.cfm file so that developers can check it out and
> > include
> > > it in their working directory but not be able to commit it back to the
> > > repository.
> > 
> > Use the commitinfo hook and have it know that particular file should
> > never be allowed to be committed by normal developers. See the URL:
> > http://www.cvshome.org/docs/manual/cvs-1.12.1/cvs_18.html#SEC167 for
> > more information.
> > 
> >     -- Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]