info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user permissions of files and directories


From: Todd Denniston
Subject: Re: user permissions of files and directories
Date: Mon, 07 Feb 2005 15:02:30 -0500

Matthias Friebe wrote:
> 
> Hey folks,
> 
> I was unsuccessfully checking several CVS documentation for user
> permissions in CVS.
> 
> What we want to do is give explicit read permissions to users for
> files/directories. By default a user should have no read or write access
> to files/directories unless we specify that they do. I don't know if
> this is possible with using the ssh option because I think they assume
> that the user with ssh access can already access the files on the
> machine depending on the local file permissions. Is there another way to
> do this without manually changing all the local file permissions for
> each files/directories, because that is tedious, not flexible and it is
> not working properly. The reason is that when someone is committing
> files, he is changing the user and group permissions of the files in the
> repository!
> 
> Any help is highly appreciated.
> 
> -Matt
If you want to give someone read access, but not write access, remove their
ability to write to the $CVSROOT directories and give them the capability to
write in the LockDir defined in CVSROOT/config .
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_2.html#SEC13
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_2.html#SEC17
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_18.html#SEC182

If you do not want them to even have read access, then they must not have
read or write access to the _DIRECTORY_.  
that is, as you indicated above if they can get to it with their ssh access
then they can get to it with CVS. (there are a couple of things that make it
so CVS has might have less access than their ssh, but if you look at it from
the ssh perspective you will only wonder why they don't have access instead
of answering "why DID they have access").
Let me repeat, to be clear, CVS uses the permissions on the _DIRECTORY_ to
control access for reading, it also uses the DIRECTORY permissions for
writing but those permissions may be tailored down a little more using the
cvs_acls script (look in the contrib directory).  LockDir can be used to
open up read permissions some.
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_2.html#SEC17
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_18.html#SEC182

Note the cvs-1.11.19 manual is out, but I had these links handy from last
week.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane) 
Harnessing the Power of Technology for the Warfighter




reply via email to

[Prev in Thread] Current Thread [Next in Thread]