[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help setting up CVS for multiple users/projects
|
From: |
Mark D. Baushke |
|
Subject: |
Re: Help setting up CVS for multiple users/projects |
|
Date: |
Fri, 20 Feb 2004 08:22:39 -0800 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Keyser Soze <address@hidden> writes:
> I need to access CVS via SSH. I would like to have several different
> product modules with different users having different access rights to
> each one.
>
> For example, I have projects 1-5 and users 1-5 and I would like to
> have access something like
>
> Project 1
> users 1, 2, 3, 4 & 5
> Project 2
> users 1, 2, 3 & 5
> Project 3
> users 1, 3 & 4
> Project 4
> users 2, 4 & 5
> Project 5
> users 2 & 3
>
> If a user has access, they have both read and write access.
>
> I first looked at the chrooted CVS through SSH as discussed here
> http://www.idealx.org/prj/idx-chrooted-ssh-cvs/dist/chrooted-ssh-cvs-server.html
> by using the scripts at
> http://www.informatimago.com/linux/chrooted-ssh-cvs.
>
> However, I could not see how a single user could have access to more
> then one project.
>
> How can I do this?
In a typical situation, this might be accomplished using unix group
permissions. You would have five separate groups that correspond to
projects 1 thru 5. Membership in the groups would allow access to the
particular repository. The directory that contains the parent of the
CVSROOT directory would be given user 'root' and one of the five
new groups along with 2770 permissions. This means that users who
are not a member of the appropriate group will not be able to do
anything with the $CVSROOT tree.
Example:
one machine server.dom.ain
for Project 1
mkdir /proj1-only
chown root:proj1 /proj1-only
chmod ug+rwx,g+s,o= /proj1-only
cvs -d /proj1-only/project1 init
for Project 2
mkdir /proj2-only
chown root:proj2 /proj2-only
chmod ug+rwx,g+s,o= /proj2-only
cvs -d /proj2-only/project2 init
for Project 3
mkdir /proj3-only
chown root:proj3 /proj3-only
chmod ug+rwx,g+s,o= /proj3-only
cvs -d /proj3-only/project3 init
for Project 4
mkdir /proj4-only
chown root:proj4 /proj4-only
chmod ug+rwx,g+s,o= /proj4-only
cvs -d /proj4-only/project4 init
for Project 5
mkdir /proj5-only
chown root:proj5 /proj5-only
chmod ug+rwx,g+s,o= /proj5-only
cvs -d /proj5-only/project5 init
now users 1,2,3,4,5 are added to /etc/group as appropriate
proj1:*:user1,user2,user3,user4,user5
proj2:*:user1,user2,user3,user5
proj3:*:user1,user3,user4
proj4:*:user2,user4,user5
proj5:*:user2,user3
a 'cvs -d server.dom.ain:/proj1-only/project1 checkout CVSROOT'
command will work for users in group proj1, but not any other users.
a 'cvs -d server.dom.ain:/proj2-only/project2 checkout CVSROOT'
command will work for users in group proj2, but not any other users.
a 'cvs -d server.dom.ain:/proj3-only/project3 checkout CVSROOT'
command will work for users in group proj3, but not any other users.
a 'cvs -d server.dom.ain:/proj4-only/project4 checkout CVSROOT'
command will work for users in group proj4, but not any other users.
a 'cvs -d server.dom.ain:/proj5-only/project5 checkout CVSROOT'
command will work for users in group proj5, but not any other users.
It would also be possible to add a project 4b to the /proj4-only directory
that only project4 users could access.
Good luck,
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFANjRO3x41pRYZE/gRAldnAKDGkDhKusg1JlQqcINg4bdZqXuV8ACgyZPD
ARFrhJqMrIKsliYHhT/UL40=
=RTjm
-----END PGP SIGNATURE-----