Re: [RFC] proposed client command-line interface for dealing withACL

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

This looks very good, but as usual, I have a few comments:

* You don't list the ability to add directories to the repository as
  a separate access method.

* I don't think comma separated lists should allow spaces in them, it
  seems unnatural to me and simple errors can cause problems.  I assume
  you are using the comma at the end of the name to know the next thing
  is a member of the list.  Plus, it will be uncommon to specify more
  than on user/group on a command line.

* The <dirs> should be optional, and you should operate by default on
  the current directory.

* I don't understand the use of "racl", could you explain that a
  little more?

* You don't mention per-tag permissions.  Are you planning that for
  later?

It's good to hear from you again.  Things have been pretty chaotic
here for the last week.

-Corey

Alexey Mahotkin <al...@hs...> writes:

> CVS CLIENT COMMAND-LINE INTERFACE TO ACL
> =========================================
> 
> 
> Notation used in this document:
> 
>   <user>
> 
>         CVS user name, a-la UNIX username.  E.g.:
> 
>                 alice
>                 bob-johnson
> 
> 
>   <group>
> 
>         CVS group name, a-la UNIX group, with leading "percent" (this
>         is subject to discussion).  E.g.:
> 
>                 %devel
>                 %support-staff
> 
>         There are special groups called %all and %nobody with obvious
>         meaning.
> 
> 
>   <users>
> 
>         Comma-separated list of <user>s and <group>s.  Note that there
>         could be a whitespace after the comma.  E.g.:
> 
>                 alice, bob-johnson, %devel.
> 
> 
>   <files>
> 
>         Space-separated list of files in current directory (for the
>         "acl" subcommand) or from the top of repository (for the
>         "racl" subcommand).
> 
> 
>   <dirs>
> 
> 	Space-separated list of directories in current directory (for
> 	the "acl" subcommand) or from the top of repository (for the
> 	"racl" subcommand).  Each directory should have trailing
> 	"slash" character for clarity.
> 
> 
>   <file-perms>
> 
>         Comma-separated list of branch-level file permissions.  E.g.:
> 
>                 checkin
>                 checkout
> 
>         There are common aliases for that: "ci", "co".
> 
> 
>   <dir-perms>
> 
>         Comma-separated list of directory permissions.  E.g.:
> 
>                 access
>                 modify
> 
> 
>   <module-perms>
> 
>         Comma-separated list of module-level permissions.  E.g.:
> 
>                 tag
>                 tag:PREFIX
>                 branch
>                 branch:PREFIX   (questionable, but simple to
>                                  implement)
> 
>         The "tag:PREFIX" construct permits some user creating tags
>         with names starting from PREFIX.  Rationale: you could give
>         release engineer rights to create tags with names starting
>         from "RELEASE".  
> 
> 
> 
> Command lines for groups management:
> 
> a. Creating a group:
> 
> 	$ cvs group create <group>
> 
> 
> b. Deleting a group:
> 
> 	$ cvs group delete <group>
> 
>    Note that when you delete a group which is listed somewhere in ACLs
>    of some directory or a file it is not deleted from there: those
>    entries are just ignored.  This could turn out to be a caveat.
>    There should probably be an "ACL checker" that should be run from
>    time to time that cleans up obsolete entries.
> 
> 
> c. Adding users (or entire groups) to a group:
> 
> 	$ cvs group add <users>
> 
>    Note that adding of entire groups is "symlink-style", not
>    "copying-style".
> 
> 
> d. Deleting users (or entire groups) to a group:
> 
> 	$ cvs group remove <users>
> 
> 
> 
> 
> 
> Command lines for ACL management:
> 
> 
> Note that there are two flavours of the "acl" subcommand: "acl" and
> "racl".  The latter is used outside any working copy and requires that
> files and directory names be specified starting from the top-level
> repository directory.
> 
> 
> a. Setting ACL on files:
> 
>         $ cvs acl <users> <file-perms> <files>
> 
> 
> b. Setting ACL on directories:
> 
>         $ cvs acl <users> <dir-perms> <dirs>
> 
> 
> c. Setting default file ACLs:
> 
>         $ cvs acl <users> default::<file-perms> <dirs>
> 
>    (The "default::" line is used there verbatim.)
> 
> 
> d. Setting ACL on modules:
> 
>         $ cvs acl <users> <module-perms> <modules>
> 
> 
> Notes:
> 
> Please not that "recursive" operations are not implemented, and that's
> intentionally.  Use default file operations instead.  Remember that
> directory permissions are checked from the top.
> 
> 
> --alexm
> 
> _______________________________________________
> Cvs-nserver-devel mailing list
> Cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvs-nserver-devel