info-cvs

Re: How to only checkout files (not being able to commit)?


From: Noel Yap
Subject: Re: How to only checkout files (not being able to commit)?
Date: Fri, 7 Jun 2002 08:46:20 -0700 (PDT)

--- Nick Papadonis <address@hidden> wrote:
> Dusan Juhas <address@hidden> writes:
> >> I have a CVS folder which I don't want to be checkoutable (this has been
> >> achieved simply by chmod the appropriate rights). However, it has a
> >> subfolder which I do want people to be able to checkout/update from BUT
> >> not being able to commit to. Is this possible to do?
> 
> For preventing commits, check out the 'cvs_acls.in' script.  This
> worked well for me.
> 
> It's included with the CVS source in ./contrib.

This script looks like it's great to control checkins
on a per-user, per-module, and per-branch basis.  Some
comments:
1. It does nothing to control checkouts (as the
original poster requested).  Aside from putting the
module on a box with no access to users, I think the
only other way to prevent checkouts is through turning
off read permissions.
2. Access control is much easier done on a per-group
basis rather than on a per-user basis.
3. Per-branch access control is not secure since users
still have access to the archive files.  IMHO, it'd be
nice if CVS broke out each branch into a separate
directory in the repository.
4. If security is deemed necessary, file system
permissions will still need to be used to restrict
repository privileges.  If one relied solely on this
script to restrict access without taking care of
repository file system permissions, users would be able
to subvert the protections.

HTH,
Noel
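
Added example, not part of the message above or of the CVS distribution: a POSIX shell check for the file system permissions that points 2 and 4 rely on, run against one module directory in the repository. It assumes a local POSIX file system and a single Unix group holding everyone allowed to commit; the function name and its arguments are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reports entries under a CVS module
# directory that someone outside the committers' group could write to.
# Assumptions: repository on a local POSIX file system; one Unix group
# (name or numeric gid, passed as $2) holds everyone allowed to commit.
#
# usage:   audit_cvs_module /path/to/repository/module committers-group
# returns: 0 if clean, 1 if findings were printed, 2 on bad arguments
audit_cvs_module() {
    module=$1
    committers=$2
    if [ ! -d "$module" ] || [ -z "$committers" ]; then
        echo "usage: audit_cvs_module MODULE_DIR GROUP" >&2
        return 2
    fi
    # Directories matter most: a checkin replaces the ,v archive by rename,
    # so write access to the directory is what permits a commit, whatever
    # the mode of the archive file itself. The ,v files are checked as well.
    # Flag anything world-writable, and anything group-writable whose group
    # is not the committers' group.
    findings=$(find "$module" \( -type d -o -type f -name '*,v' \) \
        \( -perm -002 -o \( -perm -020 ! -group "$committers" \) \) \
        -print) || return 2   # e.g. unknown group name: do not report "clean"
    if [ -n "$findings" ]; then
        echo "writable outside group '$committers':"
        echo "$findings" | sed 's/^/  /'
        return 1
    fi
    return 0
}
```

Taking directory write access away from read-only users also stops them from creating CVS read locks during checkout; the `LockDir` setting in `CVSROOT/config` moves lock files to a separate directory for that case.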
