in cvs (please read manual):
adding the group "cvsadmin" in /etc/group, only primary
or secondary members of this group are granted to
perfom cvs admin commands. With this
command its is possible to destroy data, e.g. revisions
without any recovery or change the type of a file (-kb
in cvacl, granting write permission, its is possible to
execute cvs admin commands, there is no control for it.
This feature should only granted to the administrator (p)
or a special permission for cvs admin must be created.
In aclconfig is set:
commented out is #CVSGroupsFileLocation=xxx