Re: [RFC Draft] ACL in CVS proposal

[<mi...@ac...>]

mo...@no... writes:

> >> Should it be 'module administrators'? Or maybe it would be useful to add
> >> another type of action on ACL: 'allow to modify ACL [for a particular
> >> file/module/branch/etc]?'
> >If you are saying that we should allow something more fine-grained
> >(permission to make branches, permission to change ACLs), that's fine,
> >I agree that it could be useful; better than a simple owner.
> Yes, that's exactly what I mean. Yesterday we had an IRC session w/ Alex
> Mahotkin (sorry, mostly in Russian :-/), generally he agreed to extend list
> of actions that need to be ACLed and now he works on the new draft.

I wish I spoke Russian, and I also wish I spoke many other languages :-(.

> 
> >> Should it be the only person or each module/branch etc can have its own
> >> administrator?
> 
> >Someone needs access to the repository with the ability to do
> >anything, and the verification needs to be done outside the normal ACL
> >verification (so if the ACLs accidentally get deleted or set wrong,
> >they can still work on the repository).
> Well, do you think that should be a superuser inside CVS [repository] (on
> per-repostitory basis)? Maybe we can just create several small maintainance
> programs for system administrator (in fact it should be enough to run these
> programs from within 'repository owner' system account) to perform rescue
> actions (like ACL recreation etc). I think this would ease and decrease
> amount of work needed.

It's actually quite easy to make an superuser type login in CVS, much
easier than writing independent programs.  When checking permissions,
just scan the admin file first and return "true" for any check if the
user is an admin.  I'm not sure about which would be more secure.  We
have administrators that I don't want to give access to the machine's
filesystem, but my situation is probably the exception, not the rule.

-Corey