cvsacl-users — General Discussion List for CVSACL

Re: [cvsacl-users] access file format issue of expanding sym links

[<sb...@us...>]

Hi Mark,

patch 1.1.0 has some errors, I do not recommend you to use that.
1.2.0 is better than 1.1.0.
1.2.0 works good with symbolic links in repository,
symbolic links does not expand in access file.
Link to another directory in repository works just as that directory is
a subdirectory of its parent.
Regards,
Baris
sb...@us...

----- Original Message ----- 
From: "Mortensen, Mark" <mar...@th...>
To: <cvs...@li...>
Sent: Wednesday, June 23, 2004 7:05 PM
Subject: [cvsacl-users] access file format issue of expanding sym links


> While understanding that the new v1.2.0 patch appears to still be under
> construction I have been doing some testing with patch 1.1.0 on cvs
v1.11.5.
> We have a need to restrict access to some modules (and their sub
> directories) to a limited set of users.  Our cvs server is setup as a
> pserver and I am using the racl commands to implement restrictions from a
> client machine.  However, I am seeing that the directory names that are
> getting placed into the access file inside the CVSROOT module on the cvs
> server are incorrect.  The problem I think is symbolic links.  Here's the
> scenario:
>
> - Setup CVSROOT on the client to:
>
> CVSROOT=:pserver:someadmin@hostname:/TEST
>
> - TEST is the repository however /TEST on the cvs server is a sym link to
> /cvs/TEST on the physical drive.  Inside the TEST repository is a module
> called moduleA.
>
> - On the client the user someadmin executes:
>
> cvs racl restricteduser:n -r ALL -D moduleA -R
>
> - The output on the client console is:
>
> X /cvs/TEST/moduleA
> X /cvs/TEST/moduleA/ant
> X /cvs/TEST/moduleA/ant/bin
> X /cvs/TEST/moduleA/ant/deploylib
> X /cvs/TEST/moduleA/ant/lib
> ...
>
> NOTE: See how the racl command has expanded /TEST to /cvs/TEST.
>
> - Inside the access file in the CVSROOT module the entries are:
>
> ...
> d:/cvs/TEST/moduleA:ALL:restricteduser!n:
> d:/cvs/TEST/moduleA/ant:ALL:restricteduser!n:
> d:/cvs/TEST/moduleA/ant/bin:ALL:restricteduser!n:
> d:/cvs/TEST/moduleA/ant/deploylib:ALL:restricteduser!n:
> d:/cvs/TEST/moduleA/ant/lib:ALL:restricteduser!n:
> ...
>
> - The problem is if the restricteduser attempts to checkout the module,
> moduleA, they shouldn't be able to because I have set the permissions to
> 'n'. 'n' means no access.  However, the user can checkout the module no
> problems.  The restricteduser will setup the CVSROOT as above and execute:
>
> cvs checkout moduleA
>
> If I change the entries in the access file inside the CVSROOT module from
> /cvs/TEST/moduleA to moduleA then the user has restricted access.
>
> Sure I could go and change the directories manually but our server has
about
> 50 modules and each module has about 100+ subdirectories to make this not
a
> feasible option.
>
> Here's the questions:
>
> - Why is the directories getting expanded and not just left as moduleA?
> - Is there another way to use the racl command to not cause this
behaviour?
> (We need to have the sym link ability).
>
> -Mark
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
>

[cvsacl-users] acl.c & cvsacl-patch-1.2.0

[<sb...@us...>]

Hi,

Patch works now, when UseSeparateACLFileForEachDir=yes
UseSeparateACLFileForEachDir is correct spelling, so i changed it.
Thank you for reporting errors.
Regards,
Baris
sb...@us...

RE: [cvsacl-users] RE: cvs-1.11.17-cvsacl-1.2.0-patched compile e rror

[Liam G. <lgr...@rs...>]

On Wed, 23 Jun 2004, Mortensen, Mark wrote:

> Liam,
>
> What is the version of gcc you are using?  We are using:
>
> cvspd1rp1 # gcc -v
> Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.3/specs
> gcc version 2.95.3 20010315 (release)
>

> gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.3/specs
Configured with: ../configure --disable-nls --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld
Thread model: posix
gcc version 3.3

-- 
Liam Gretton                                    lgr...@rs...
ESA/ESTEC                                    http://www.rssd.esa.int/
Keplerlaan 1                                  Tel: +31 (0)71 565 8231
2201 AZ Noordwijk ZH                          Fax: +31 (0)71 565 4699
Netherlands

[cvsacl-users] Segmentation fault when using UseSeperateACLFileForEachDir=yes

[Alex H. <ah...@ke...>]

I have created a new repository and have changed the aclconfig parameter
to UseSeperateACLFileForEachDir=yes.

[cvsadm@cvs cvsadm]$ cvs racl cvsadm:p -r ALL -d ALL
cvs racl: cannot open file: /home/cvsadm/temp/ALL/access
X ALL
cvs racl: cannot open file: /home/cvsadm/temp//home/cvsadm/temp/./access
cvs racl: cannot open file: /home/cvsadm/temp//home/cvsadm/temp/./access
Segmentation fault

I believe the segmentation fault occurs because and fseek is attempted on
a NULL file descriptor on aproximately line 1755 in acl.c.  Looks like the
file name is not valid.

Alex

[cvsacl-users] access file format issue of expanding sym links

[Mortensen, M. <mar...@th...>]

While understanding that the new v1.2.0 patch appears to still be under
construction I have been doing some testing with patch 1.1.0 on cvs v1.11.5.
We have a need to restrict access to some modules (and their sub
directories) to a limited set of users.  Our cvs server is setup as a
pserver and I am using the racl commands to implement restrictions from a
client machine.  However, I am seeing that the directory names that are
getting placed into the access file inside the CVSROOT module on the cvs
server are incorrect.  The problem I think is symbolic links.  Here's the
scenario:

- Setup CVSROOT on the client to:

CVSROOT=:pserver:someadmin@hostname:/TEST

- TEST is the repository however /TEST on the cvs server is a sym link to
/cvs/TEST on the physical drive.  Inside the TEST repository is a module
called moduleA.

- On the client the user someadmin executes:

cvs racl restricteduser:n -r ALL -D moduleA -R

- The output on the client console is:

X /cvs/TEST/moduleA
X /cvs/TEST/moduleA/ant
X /cvs/TEST/moduleA/ant/bin
X /cvs/TEST/moduleA/ant/deploylib
X /cvs/TEST/moduleA/ant/lib
...

NOTE: See how the racl command has expanded /TEST to /cvs/TEST.

- Inside the access file in the CVSROOT module the entries are:

...
d:/cvs/TEST/moduleA:ALL:restricteduser!n:
d:/cvs/TEST/moduleA/ant:ALL:restricteduser!n:
d:/cvs/TEST/moduleA/ant/bin:ALL:restricteduser!n:
d:/cvs/TEST/moduleA/ant/deploylib:ALL:restricteduser!n:
d:/cvs/TEST/moduleA/ant/lib:ALL:restricteduser!n:
...

- The problem is if the restricteduser attempts to checkout the module,
moduleA, they shouldn't be able to because I have set the permissions to
'n'. 'n' means no access.  However, the user can checkout the module no
problems.  The restricteduser will setup the CVSROOT as above and execute:

cvs checkout moduleA

If I change the entries in the access file inside the CVSROOT module from
/cvs/TEST/moduleA to moduleA then the user has restricted access. 

Sure I could go and change the directories manually but our server has about
50 modules and each module has about 100+ subdirectories to make this not a
feasible option.

Here's the questions:

- Why is the directories getting expanded and not just left as moduleA?
- Is there another way to use the racl command to not cause this behaviour?
(We need to have the sym link ability).

-Mark

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

RE: [cvsacl-users] new acl.c

[Alex H. <ah...@ke...>]

It looks the same but one character is different. Check out the spelling:
sepErate vs sepArate.  Open acl.c with vi and then execute this command:
:%
s/use_separate_acl_file_for_each_dir/use_seperate_acl_file_for_each_dir/g

It should then compile ok.  After doing some trivial tests it appears that
the new patch is working ok.

Alex

On Wed, 23 Jun 2004, Mortensen, Mark wrote:

> Alex,
> 
> You reference changing instances of "use_separate_acl_file_for_each_dir" in
> acl.c to "use_seperate_acl_file_for_each_dir".  Uhmmm, this is the same
> thing isn't it.  Was this a typo? I am by no means a C programmer so pardon
> any newbie issue I'm missing here.
> 
> -Mark
> 
> -----Original Message-----
> From: cvs...@li...
> [mailto:cvs...@li...]On Behalf Of Alex Hill
> Sent: Wednesday, June 23, 2004 9:10 AM
> To: cvs...@li...
> Subject: Re: [cvsacl-users] new acl.c
> 
> 
> I thought it might have been a bad character or soemthing before int x so
> I tried deleting that first.  Its not that. 
> 
> I am running Redhat Linux 7.2 (kernel 2.4.7-10) with gcc version 2.96.  I
> think the issue is a compiler issue.  The file ends with the .c extension
> so variables must be declared after a new block {} and before any
> operations.  For example:
> 
> If I tried to compile:
> int main(void)
> {
> int y;
> y++;
> int x;
> }
> 
> It would fail. This would work:
> int main(void)
> {
> int y;
> int x;
> y++;
> }
> 
> So if I modify acl.c so that the declaration of int x comes after the
> while block and before the if statement it will compile fine:
> 
> while (getline (&line, &line_allocated, accessfp) >= 0) 
> {
>  int x;
>  if (line[0] == '#' || line[0] == '\0' || line[0] == '\n')
>     continue;
> 
> I tried compiling in the new acl.c you supplied and got the following
> error:
> 
> if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -I../diff -I../zlib
> -I/usr/kerberos/include    -g -O2 -MT acl.o -MD -MP -MF ".deps/acl.Tpo" \
>   -c -o acl.o `test -f 'acl.c' || echo './'`acl.c; \
> then mv -f ".deps/acl.Tpo" ".deps/acl.Po"; \
> else rm -f ".deps/acl.Tpo"; exit 1; \
> fi
> gcc  -g -O2   -o cvs  acl.o add.o admin.o annotate.o buffer.o checkin.o
> checkout.o classify.o client.o commit.o create_adm.o cvsrc.o diff.o edit.o
> entries.o error.o expand_path.o fileattr.o filesubr.o find_names.o
> hardlink.o hash.o history.o ignore.o import.o lock.o log.o login.o
> logmsg.o main.o mkmodules.o modules.o myndbm.o no_diff.o parseinfo.o
> patch.o rcs.o rcscmds.o recurse.o release.o remove.o repos.o root.o run.o
> scramble.o server.o stack.o status.o subr.o tag.o update.o version.o
> vers_ts.o watch.o wrapper.o zlib.o ../diff/libdiff.a ../lib/libcvs.a
> ../zlib/libz.a -lcrypt -lgssapi_krb5 -lkrb5 -lk5crypto -lcrypt -lresolv
> -lcom_err -L/usr/kerberos/lib -lnsl
> parseinfo.o: In function `parse_aclconfig':
> /usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src/parseinfo.c:543: undefined
> reference to `use_seperate_acl_file_for_each_dir'
> /usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src/parseinfo.c:545: undefined
> reference to `use_seperate_acl_file_for_each_dir'
> collect2: ld returned 1 exit status
> make: *** [cvs] Error 1
> 
> It appears that the new acl.c has changed the global variable
> use_seperate_acl_file_for_each_dir to use_separate_acl_file_for_each_dir
> but the parseinfo.c file is referencing 
> use_seperate_acl_file_for_each_dir.
> 
> I changed every instance of use_separate_acl_file_for_each_dir in acl.c to
> use_seperate_acl_file_for_each_dir and it compiled.
> 
> Alex
> 
> On Wed, 23 Jun 2004 sb...@us... wrote:
> 
> > 
> > Hi,
> > 
> > I attached acl.c file to this email, 
> > can you try this? (should solve Mark's problem and compile error)
> > 
> > I did not understand why there is a compile error in line 269?
> > Variable x is only used inside that while block in line 267, and 
> > i didnt get any compile error about it.
> > May be newline character problem (i edit acl.c on windows).?
> > Regards,
> > sb...@us...
> > 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
> 

RE: [cvsacl-users] RE: cvs-1.11.17-cvsacl-1.2.0-patched compile e rror

[Mortensen, M. <mar...@th...>]

Liam,

What is the version of gcc you are using?  We are using:

cvspd1rp1 # gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.3/specs
gcc version 2.95.3 20010315 (release)



-----Original Message-----
From: cvs...@li...
[mailto:cvs...@li...]On Behalf Of Liam
Gretton
Sent: Wednesday, June 23, 2004 12:45 AM
To: cvs...@li...
Subject: Re: [cvsacl-users] RE: cvs-1.11.17-cvsacl-1.2.0-patched compile
error


On Tue, 22 Jun 2004, Mortensen, Mark wrote:

> I ran into a compile error on the acl.c source file:

> acl.c: In function `access_allowed":
> acl.c:269: parse error before `int"
> acl.c:277: `x" undeclared (first use in this function)
> acl.c:277: (Each undeclared identifier is reported only once
> acl.c:277: for each function it appears in.)
> make[2]: *** [acl.o] Error 1
> make[2]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src"
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched"
> make: *** [all] Error 2

I've built this on Sol 8 and 9 without any problems, but I'm still waiting 
for my colleagues to test the new install for me, so I can't say whether 
it actually works or not.

If it's any use to anyone, I created a cvsacl-1.1.3 patch for cvs-1.11.17 
(typically, the day before 1.2.0 was released). It builds ok, but is 
untested functionally. Drop me a line if you wish to try it out.

-- 
Liam Gretton                                    lgr...@rs...
ESA/ESTEC                                    http://www.rssd.esa.int/
Keplerlaan 1                                  Tel: +31 (0)71 565 8231
2201 AZ Noordwijk ZH                          Fax: +31 (0)71 565 4699
Netherlands


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
cvsacl-users mailing list
cvs...@li...
https://lists.sourceforge.net/lists/listinfo/cvsacl-users

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

RE: [cvsacl-users] new acl.c

[Mortensen, M. <mar...@th...>]

Alex,

You reference changing instances of "use_separate_acl_file_for_each_dir" in
acl.c to "use_seperate_acl_file_for_each_dir".  Uhmmm, this is the same
thing isn't it.  Was this a typo? I am by no means a C programmer so pardon
any newbie issue I'm missing here.

-Mark

-----Original Message-----
From: cvs...@li...
[mailto:cvs...@li...]On Behalf Of Alex Hill
Sent: Wednesday, June 23, 2004 9:10 AM
To: cvs...@li...
Subject: Re: [cvsacl-users] new acl.c


I thought it might have been a bad character or soemthing before int x so
I tried deleting that first.  Its not that. 

I am running Redhat Linux 7.2 (kernel 2.4.7-10) with gcc version 2.96.  I
think the issue is a compiler issue.  The file ends with the .c extension
so variables must be declared after a new block {} and before any
operations.  For example:

If I tried to compile:
int main(void)
{
int y;
y++;
int x;
}

It would fail. This would work:
int main(void)
{
int y;
int x;
y++;
}

So if I modify acl.c so that the declaration of int x comes after the
while block and before the if statement it will compile fine:

while (getline (&line, &line_allocated, accessfp) >= 0) 
{
 int x;
 if (line[0] == '#' || line[0] == '\0' || line[0] == '\n')
    continue;

I tried compiling in the new acl.c you supplied and got the following
error:

if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -I../diff -I../zlib
-I/usr/kerberos/include    -g -O2 -MT acl.o -MD -MP -MF ".deps/acl.Tpo" \
  -c -o acl.o `test -f 'acl.c' || echo './'`acl.c; \
then mv -f ".deps/acl.Tpo" ".deps/acl.Po"; \
else rm -f ".deps/acl.Tpo"; exit 1; \
fi
gcc  -g -O2   -o cvs  acl.o add.o admin.o annotate.o buffer.o checkin.o
checkout.o classify.o client.o commit.o create_adm.o cvsrc.o diff.o edit.o
entries.o error.o expand_path.o fileattr.o filesubr.o find_names.o
hardlink.o hash.o history.o ignore.o import.o lock.o log.o login.o
logmsg.o main.o mkmodules.o modules.o myndbm.o no_diff.o parseinfo.o
patch.o rcs.o rcscmds.o recurse.o release.o remove.o repos.o root.o run.o
scramble.o server.o stack.o status.o subr.o tag.o update.o version.o
vers_ts.o watch.o wrapper.o zlib.o ../diff/libdiff.a ../lib/libcvs.a
../zlib/libz.a -lcrypt -lgssapi_krb5 -lkrb5 -lk5crypto -lcrypt -lresolv
-lcom_err -L/usr/kerberos/lib -lnsl
parseinfo.o: In function `parse_aclconfig':
/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src/parseinfo.c:543: undefined
reference to `use_seperate_acl_file_for_each_dir'
/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src/parseinfo.c:545: undefined
reference to `use_seperate_acl_file_for_each_dir'
collect2: ld returned 1 exit status
make: *** [cvs] Error 1

It appears that the new acl.c has changed the global variable
use_seperate_acl_file_for_each_dir to use_separate_acl_file_for_each_dir
but the parseinfo.c file is referencing 
use_seperate_acl_file_for_each_dir.

I changed every instance of use_separate_acl_file_for_each_dir in acl.c to
use_seperate_acl_file_for_each_dir and it compiled.

Alex

On Wed, 23 Jun 2004 sb...@us... wrote:

> 
> Hi,
> 
> I attached acl.c file to this email, 
> can you try this? (should solve Mark's problem and compile error)
> 
> I did not understand why there is a compile error in line 269?
> Variable x is only used inside that while block in line 267, and 
> i didnt get any compile error about it.
> May be newline character problem (i edit acl.c on windows).?
> Regards,
> sb...@us...
> 



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
cvsacl-users mailing list
cvs...@li...
https://lists.sourceforge.net/lists/listinfo/cvsacl-users

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

RE: [cvsacl-users] new acl.c

[Mortensen, M. <mar...@th...>]

Thanks for the attached file.  I attempted to compile and got:
 
....
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -I../diff -I../zlib     -g -O2 -c
`test -f 'zlib.c' || echo './'`zlib.c
gcc  -g -O2   -o cvs  acl.o add.o admin.o annotate.o buffer.o checkin.o
checkout.o classify.o client.o commit.o create_adm.o cvsrc.o diff.o edit.o
entries.o error.o expand_path.o fileattr.o filesubr.o find_names.o
hardlink.o hash.o history.o ignore.o import.o lock.o log.o login.o logmsg.o
main.o mkmodules.o modules.o myndbm.o no_diff.o parseinfo.o patch.o rcs.o
rcscmds.o recurse.o release.o remove.o repos.o root.o run.o scramble.o
server.o stack.o status.o subr.o tag.o update.o version.o vers_ts.o watch.o
wrapper.o zlib.o ../diff/libdiff.a ../lib/libcvs.a ../zlib/libz.a -lxnet
-lnsl
Undefined                       first referenced
 symbol                             in file
use_seperate_acl_file_for_each_dir  parseinfo.o
ld: fatal: Symbol referencing errors. No output written to cvs
collect2: ld returned 1 exit status
make[2]: *** [cvs] Error 1
make[2]: Leaving directory `/tmp/cvs-1.11.17/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/cvs-1.11.17'
make: *** [all] Error 2

 
I did see that Alex got a similar problem.  The gcc version we are using
under solaris is:
 
cvspd1rp1 # gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.3/specs
gcc version 2.95.3 20010315 (release)


-----Original Message-----
From: cvs...@li...
[mailto:cvs...@li...]On Behalf Of
sb...@us...
Sent: Wednesday, June 23, 2004 1:12 AM
To: cvs...@li...
Subject: [cvsacl-users] new acl.c


 
Hi,
 
I attached acl.c file to this email, 
can you try this? (should solve Mark's problem and compile error)
 
I did not understand why there is a compile error in line 269?
Variable x is only used inside that while block in line 267, and 
i didnt get any compile error about it.
May be newline character problem (i edit acl.c on windows).?
Regards,
sb...@us... <mailto:sb...@us...> 
 



______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

Re: [cvsacl-users] new acl.c

[Alex H. <ah...@ke...>]

I thought it might have been a bad character or soemthing before int x so
I tried deleting that first.  Its not that. 

I am running Redhat Linux 7.2 (kernel 2.4.7-10) with gcc version 2.96.  I
think the issue is a compiler issue.  The file ends with the .c extension
so variables must be declared after a new block {} and before any
operations.  For example:

If I tried to compile:
int main(void)
{
int y;
y++;
int x;
}

It would fail. This would work:
int main(void)
{
int y;
int x;
y++;
}

So if I modify acl.c so that the declaration of int x comes after the
while block and before the if statement it will compile fine:

while (getline (&line, &line_allocated, accessfp) >= 0) 
{
 int x;
 if (line[0] == '#' || line[0] == '\0' || line[0] == '\n')
    continue;

I tried compiling in the new acl.c you supplied and got the following
error:

if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -I../diff -I../zlib
-I/usr/kerberos/include    -g -O2 -MT acl.o -MD -MP -MF ".deps/acl.Tpo" \
  -c -o acl.o `test -f 'acl.c' || echo './'`acl.c; \
then mv -f ".deps/acl.Tpo" ".deps/acl.Po"; \
else rm -f ".deps/acl.Tpo"; exit 1; \
fi
gcc  -g -O2   -o cvs  acl.o add.o admin.o annotate.o buffer.o checkin.o
checkout.o classify.o client.o commit.o create_adm.o cvsrc.o diff.o edit.o
entries.o error.o expand_path.o fileattr.o filesubr.o find_names.o
hardlink.o hash.o history.o ignore.o import.o lock.o log.o login.o
logmsg.o main.o mkmodules.o modules.o myndbm.o no_diff.o parseinfo.o
patch.o rcs.o rcscmds.o recurse.o release.o remove.o repos.o root.o run.o
scramble.o server.o stack.o status.o subr.o tag.o update.o version.o
vers_ts.o watch.o wrapper.o zlib.o ../diff/libdiff.a ../lib/libcvs.a
../zlib/libz.a -lcrypt -lgssapi_krb5 -lkrb5 -lk5crypto -lcrypt -lresolv
-lcom_err -L/usr/kerberos/lib -lnsl
parseinfo.o: In function `parse_aclconfig':
/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src/parseinfo.c:543: undefined
reference to `use_seperate_acl_file_for_each_dir'
/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src/parseinfo.c:545: undefined
reference to `use_seperate_acl_file_for_each_dir'
collect2: ld returned 1 exit status
make: *** [cvs] Error 1

It appears that the new acl.c has changed the global variable
use_seperate_acl_file_for_each_dir to use_separate_acl_file_for_each_dir
but the parseinfo.c file is referencing 
use_seperate_acl_file_for_each_dir.

I changed every instance of use_separate_acl_file_for_each_dir in acl.c to
use_seperate_acl_file_for_each_dir and it compiled.

Alex

On Wed, 23 Jun 2004 sb...@us... wrote:

> 
> Hi,
> 
> I attached acl.c file to this email, 
> can you try this? (should solve Mark's problem and compile error)
> 
> I did not understand why there is a compile error in line 269?
> Variable x is only used inside that while block in line 267, and 
> i didnt get any compile error about it.
> May be newline character problem (i edit acl.c on windows).?
> Regards,
> sb...@us...
> 

[cvsacl-users] new acl.c

[<sb...@us...>]

Hi,

I attached acl.c file to this email,=20
can you try this? (should solve Mark's problem and compile error)

I did not understand why there is a compile error in line 269?
Variable x is only used inside that while block in line 267, and=20
i didnt get any compile error about it.
May be newline character problem (i edit acl.c on windows).?
Regards,
sb...@us...

Re: [cvsacl-users] RE: cvs-1.11.17-cvsacl-1.2.0-patched compile error

[Liam G. <lgr...@rs...>]

On Tue, 22 Jun 2004, Mortensen, Mark wrote:

> I ran into a compile error on the acl.c source file:

> acl.c: In function `access_allowed":
> acl.c:269: parse error before `int"
> acl.c:277: `x" undeclared (first use in this function)
> acl.c:277: (Each undeclared identifier is reported only once
> acl.c:277: for each function it appears in.)
> make[2]: *** [acl.o] Error 1
> make[2]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src"
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched"
> make: *** [all] Error 2

I've built this on Sol 8 and 9 without any problems, but I'm still waiting 
for my colleagues to test the new install for me, so I can't say whether 
it actually works or not.

If it's any use to anyone, I created a cvsacl-1.1.3 patch for cvs-1.11.17 
(typically, the day before 1.2.0 was released). It builds ok, but is 
untested functionally. Drop me a line if you wish to try it out.

-- 
Liam Gretton                                    lgr...@rs...
ESA/ESTEC                                    http://www.rssd.esa.int/
Keplerlaan 1                                  Tel: +31 (0)71 565 8231
2201 AZ Noordwijk ZH                          Fax: +31 (0)71 565 4699
Netherlands

Re: [cvsacl-users] cvsacl 1.2.0 for cvs 1.11.17 doesn't appear to work

[Alex H. <ah...@ke...>]

I ran into a similiar problem with the cvsacl 1.2.0 patch.  I have since
reverted back to the cvsacl 1.1.3 patch on cvs 1.1.10.

By default I grant only the cvsadm account p permissions and everyone else
rt.  After upgrading, our old access file didn't seem to be working so I
made a backup and created a blank one. After running cvs racl cvsadm:p -r
ALL -d ALL on an empty access file (successfully) it wasn't possible to
run any more cvs racl command with the cvsadm user.  It simply reported a
permission denied error.  In aclconfig I have the default permissions set
to CVSACLDefaultPermissions=p.

Perhaps we are both missing something.

Alex

On Tue, 22 Jun 2004, Mortensen, Mark wrote:

> Alright I was told by our CM team that we had to upgrade to CVS 1.11.17 to
> fix some security issues.  We are currently using CVS 1.11.5 with cvsacl
> 1.1.0 with no problems.  CVSACL works great and does what we want. I
> downloaded the new patch and ran into a build issue that was noted by Alex
> on this list entitled "cvs-1.11.17-cvsacl-1.2.0-patched compile error".
> After fixing the acl.c file as per the email the server is able to compile
> and correctly reports the version.  I created a brand new respository to
> test with but now the cvsacl doesn't appear to be working.  We are building
> on Solaris.  Here is what we have
> 
> /TEST2/
>   |
>   |
>   +--CVSROOT/
>   |
>   |
>   +--projectA/
>        |
>        |
>        +--src/...
> 
> Inside of CVSROOT is the access file used by cvsacl and contains
> 
> # CVS ACL definitions file. DO NOT EDIT MANUALLY
> d:ALL:ALL:mmortens!p,ALL!a:
> d:projectA:ALL:testuser!n:
> 
> So if the "testuser" logs into CVS via a pserver connect the user should not
> be able to checkout the projectA module.  However, the testuser can.  I
> backed out the binaries to older cvs/cvsacl (1.11.5 w/cvsacl 1.1.0) patch
> version and the correct behaviour is encounted and the testuser can not
> checkout the projectA module.
> 
> Am I missing something simple here?
> 
> -Mark
> 
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
> 

[cvsacl-users] cvsacl 1.2.0 for cvs 1.11.17 doesn't appear to work

[Mortensen, M. <mar...@th...>]

Alright I was told by our CM team that we had to upgrade to CVS 1.11.17 to
fix some security issues.  We are currently using CVS 1.11.5 with cvsacl
1.1.0 with no problems.  CVSACL works great and does what we want. I
downloaded the new patch and ran into a build issue that was noted by Alex
on this list entitled "cvs-1.11.17-cvsacl-1.2.0-patched compile error".
After fixing the acl.c file as per the email the server is able to compile
and correctly reports the version.  I created a brand new respository to
test with but now the cvsacl doesn't appear to be working.  We are building
on Solaris.  Here is what we have

/TEST2/
  |
  |
  +--CVSROOT/
  |
  |
  +--projectA/
       |
       |
       +--src/...

Inside of CVSROOT is the access file used by cvsacl and contains

# CVS ACL definitions file. DO NOT EDIT MANUALLY
d:ALL:ALL:mmortens!p,ALL!a:
d:projectA:ALL:testuser!n:

So if the "testuser" logs into CVS via a pserver connect the user should not
be able to checkout the projectA module.  However, the testuser can.  I
backed out the binaries to older cvs/cvsacl (1.11.5 w/cvsacl 1.1.0) patch
version and the correct behaviour is encounted and the testuser can not
checkout the projectA module.

Am I missing something simple here?

-Mark


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

[cvsacl-users] RE: cvs-1.11.17-cvsacl-1.2.0-patched compile error

[Mortensen, M. <mar...@th...>]

Alex,

I pulled down the patch and applied it to find the same issue.  We are
building on Solaris.  We are also finding out that the patch doesn't seem to
work.  But that is for another post.

Mark

 I ran into a compile error on the acl.c source file:
 
 Making all in src
 make[2]: Entering directory
 `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src"
 if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -I../diff -I../zlib
 -I/usr/kerberos
 /include    -g -O2 -MT acl.o -MD -MP -MF ".deps/acl.Tpo" \
   -c -o acl.o `test -f "acl.c" || echo "./"`acl.c; \
 then mv -f ".deps/acl.Tpo" ".deps/acl.Po"; \
 else rm -f ".deps/acl.Tpo"; exit 1; \
 fi
 acl.c: In function `access_allowed":
 acl.c:269: parse error before `int"
 acl.c:277: `x" undeclared (first use in this function)
 acl.c:277: (Each undeclared identifier is reported only once
 acl.c:277: for each function it appears in.)
 make[2]: *** [acl.o] Error 1
 make[2]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src"
 make[1]: *** [all-recursive] Error 1
 make[1]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched"
 make: *** [all] Error 2
 
 To solve the problem I simply moved the declaration of int x; on line 269
 of acl.c to the beginning of the access_allowed function.  Did anyone else
 run into this problem?
 
 Alex




______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

[cvsacl-users] cvs-1.11.17-cvsacl-1.2.0-patched compile error

[Alex H. <ah...@ke...>]

I ran into a compile error on the acl.c source file:

Making all in src
make[2]: Entering directory
`/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -I../diff -I../zlib
-I/usr/kerberos
/include    -g -O2 -MT acl.o -MD -MP -MF ".deps/acl.Tpo" \
  -c -o acl.o `test -f 'acl.c' || echo './'`acl.c; \
then mv -f ".deps/acl.Tpo" ".deps/acl.Po"; \
else rm -f ".deps/acl.Tpo"; exit 1; \
fi
acl.c: In function `access_allowed':
acl.c:269: parse error before `int'
acl.c:277: `x' undeclared (first use in this function)
acl.c:277: (Each undeclared identifier is reported only once
acl.c:277: for each function it appears in.)
make[2]: *** [acl.o] Error 1
make[2]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/cvs-1.11.17-cvsacl-1.2.0-patched'
make: *** [all] Error 2

To solve the problem I simply moved the declaration of int x; on line 269
of acl.c to the beginning of the access_allowed function.  Did anyone else
run into this problem?

Alex

[cvsacl-users] cvsacl-1.2.0-for-cvs-1.11.17

[<sb...@us...>]

cvsacl-1.2.0-for-cvs-1.11.17 is uploaded to sf.net.

It is working for cvs-1.11.17, and a few fixes.

Regards,

sb...@us...
http://cvsacl.sourceforge.net

Re: [cvsacl-users] What is "remote connections"?

[<sb...@us...>]

Hi Magnus,

It works in ssh connections, 
pserver, ssh, server all are remote connections.
Regards,
sb...@us...


----- Original Message ----- 
From: "Magnus Sandberg" <mag...@az...>
To: <cvs...@li...>
Sent: Thursday, April 15, 2004 3:51 PM
Subject: [cvsacl-users] What is "remote connections"?


> 
> Hi all I'm just starting to try out the ACL patch.
> 
> The docs did says that the patch only works for "remote connections",
> what does that mean? Does the path only work in 'pserver' mode? What
> will it take to make it work in 'cvs server' mode?
> 
> I'm asking because I have a users connecting from different applications
> and places and the only really good solution for all of them are by
> using ssh to connect to the repository server. To allow connections for
> pserver is in my case not an option.
> 
> 
> Thanks,
> 
> /Magnus Sandberg
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
> 

[cvsacl-users] What is "remote connections"?

[Magnus S. <mag...@az...>]

Hi all I'm just starting to try out the ACL patch.

The docs did says that the patch only works for "remote connections",
what does that mean? Does the path only work in 'pserver' mode? What
will it take to make it work in 'cvs server' mode?

I'm asking because I have a users connecting from different applications
and places and the only really good solution for all of them are by
using ssh to connect to the repository server. To allow connections for
pserver is in my case not an option.


Thanks,

/Magnus Sandberg

[cvsacl-users] cvs add on folders does not respect acls?

[Dawid W. <Daw...@cs...>]

Hi.

I  really  like  the  concept  of  cvs-acl, first of all; I've been looking
around  for  a  while  and  none  of  the  existing approaches appeal to me
(managing  tons of unix users/ groups and file permissions, loginfo scripts
etc).

Now, I have two questions:

1)  Is  it  just  me,  or  is  add  operation  on a folder always permitted
(regardless  of  what  you  place  in the acls)? I've just tried forbidding
user  test  access  to  a module and I could still add a folder to it (even
though I couldn't add any file, which is the correct behavior).

2)  When is the hierarchical (cascading) acl scheme going to be implemented
and available?

I  am  currently using cvs-1.11.10-cvsacl-1.1.3-patched, please let me know
if any of the above are already available in the CVS HEAD at sourceforge.

Regards,
Dawid

-- 
Dawid Weiss, http://www.cs.put.poznan.pl/dweiss
Laboratory of Intelligent Decision Support Systems, Poznan UT, Poland

Re: [cvsacl-users] "n" access gives empty dir structure

[<sb...@us...>]

hi,

1) Which version, you are using? If you try new 1.2.0 then you will see
a new config keyword (StopAtFirstPermissionDenied).
If you set StopAtFirstPermissionDenied to yes
(StopAtFirstPermissionDenied=yes)
in aclconfig file, users with 'n' permission will be stopped whenever a
denied file/directory
encountered. That may work for you?
You can gine n permission to you top level files, so they cannot read.
(cvs -d /path/to/repository racl userA:n -f somefile.txt)

2) Yes, you are right. acl, and racl commands changes access file in
CVSROOT.
aclconfig file is in checkoutlist. (aclconfig,v exists).
But access file is not in checkoutlist, it does not work if you put it in
checkoutlist.
CVS users should have read access to these files.

sb...@mi...


----- Original Message ----- 
From: <cv...@ab...>
To: <cvs...@li...>
Sent: Saturday, February 14, 2004 6:42 PM
Subject: [cvsacl-users] "n" access gives empty dir structure


> Hello:
>
> I have just successfully installed and configured cvsACL for the
> first time, so please
> forgive the beginner questions.  However, I have two questions
> that I would appreciate
> any assistance you may be able offer.
>
> 1) I have configured my default ACL (for a specific sensitive
> CVS repository) to be "n"
> via the CVSACLDefaultPermission value in the aclconfig file.
> Then, I configure the
> other ACLs, (r, w, etc.) for the certain users that should have
> access in this case.
> This seems to be working fine in terms of allowing access where
> needed and denying
> access as needed with a few exceptions.  First, any user (even
> those with "n"
> permission") will still receive the entire directory structure
> of the repository in
> question.  Note that they do NOT recieve any files that they do
> not have access to,
> but they still receive an empty directory structure for those
> dirs nested well into
> areas that they have no permissions?  Now, I understand that
> they really aren't getting
> any useful data here, but I would like to have them avoid
> getting even the empty dir
> structure below where they are authorized.  Similarly, there are
> several "top level"
> files (not directories) that any user will get - even the "n"
> users.  I'd appreciate
> any explanation and/or assistance as to how this can be avoided.
>
> 2) Finally, are the access and/or aclconfig files typically
> added to the CVSROOT
> checkoutlist?  I've noted that the racl command seems to write
> to/delete this file
> whenever it runs and I'm wondering how this functioning would be
> affected if these
> files become read-only as members of the CVSROOT checkoutlist.
>
> Thanks in advance!
>
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
>

[cvsacl-users] "n" access gives empty dir structure

[<cv...@ab...>]

Hello:

I have just successfully installed and configured cvsACL for the 
first time, so please
forgive the beginner questions.  However, I have two questions 
that I would appreciate
any assistance you may be able offer.

1) I have configured my default ACL (for a specific sensitive 
CVS repository) to be "n"
via the CVSACLDefaultPermission value in the aclconfig file.  
Then, I configure the
other ACLs, (r, w, etc.) for the certain users that should have 
access in this case.
This seems to be working fine in terms of allowing access where 
needed and denying
access as needed with a few exceptions.  First, any user (even 
those with "n"
permission") will still receive the entire directory structure 
of the repository in
question.  Note that they do NOT recieve any files that they do 
not have access to,
but they still receive an empty directory structure for those 
dirs nested well into
areas that they have no permissions?  Now, I understand that 
they really aren't getting 
any useful data here, but I would like to have them avoid 
getting even the empty dir
structure below where they are authorized.  Similarly, there are 
several "top level"
files (not directories) that any user will get - even the "n" 
users.  I'd appreciate
any explanation and/or assistance as to how this can be avoided.

2) Finally, are the access and/or aclconfig files typically 
added to the CVSROOT
checkoutlist?  I've noted that the racl command seems to write 
to/delete this file
whenever it runs and I'm wondering how this functioning would be 
affected if these
files become read-only as members of the CVSROOT checkoutlist.

Thanks in advance!

[cvsacl-users] cvsacl-1.2.0-BETA

[<sb...@us...>]

Hi,

I was working on permission inheritance,
and now I think it is working.

If anyone interested in testing, 
I uploaded a new package with name "cvsacl-1.2.0-BETA".
http://sourceforge.net/projects/cvsacl

-------------------------------------------------------------
Release 1.2.0-BETA
        - implemented permission inheritance from parents.
        - new config keyword: StopAtFirstPermissionDenied.
        - fixed some errors.
-------------------------------------------------------------

Regards,
sb...@us...

RE: [cvsacl-users] Re: Doubt about recursive mode and acls

[Federico E. <fed...@cl...>]

Great! I will be waiting for your news. :)

The next version does include any new feature?

Thanks,

Fede=20

=20

-----Mensaje original-----
De: sbaris [mailto:sb...@us...]=20
Enviado el: Martes, 30 de Diciembre de 2003 03:29 a.m.
Para: cvs...@li...
Asunto: [cvsacl-users] Re: Doubt about recursive mode and acls

=20

Hi,

Currently, subdirectories does not inherit permission from parent.
So, if you create a new directory, you should set its acl.

I am working on this, and in a few weeks cvsacl will inherit permissions
recursively.

sb...@us... <mailto:sb...@us...>=20


----- Original Message -----=20
From: "Federico Edelman" <fed...@cl... =
<mailto:fed...@cl...> >
To: <cvs...@li... =
<mailto:cvs...@li...> >
Sent: Monday, December 29, 2003 8:28 PM
Subject: [cvsacl-users] Doubt about recursive mode and acls


> Hi, I'm testing the cvsacl patch. First, I'm installed
> cvs-1.11.10-cvsacl-1.1.3-patched version on a PIII with Debian =
GNU/Linux
> 3.0r1 kernel 2.4.23.
>
> Now, I need a good way to verify user permissions. I will have got
> different web-application projects. For example:
>
> /webroot/project1
> /webroot/project2
> /webroot/project3
>
> I will have got many users that's should be has got different acl. For
> example, "usera" -read- access to "project1".
> "userb" -read/write- access to "project1" and -read- access to
> "project2".
> "userc" -read/write- access to "project1" and "project3".
>
> I'm seeing the patch should be works.
>
> But, I'm having the following trouble:
> When the user is configured, he should be "free moving" into the
> "module-project". But, it isn't possible when he add/create a new
> directory/file. Because nobody can access if I don't run the following
> line:
> # cvs -d /webroot racl userX:cdwr -R -d projectY
>
> Does exist anyway to set the cvsacl options (like above) but the
> recursive mode will be permanent?
>
>
> This is my configurations options:
> # New repository (root)
> mkdir /webroot
> cvs import -d /webroot
> chown -R cvsadm:nogroup /webroot
> chmod 2770 /webroot
>
> # New module (root)
> cd /to/some/path
> cvs import -m "Begin project" project1 usera start
> chown -R cvsadm:nogroup /repository
>
> # Set user permissions for module (root)
> cvs -d /repository racl usera:cdrw -R -d project1
> chown -R cvsadm:nogroup /repository
>
> My aclconfig:
> --- snip snip ---
> UseCVSACL=3Dyes
> CVSACLDefaultPermissions=3Dn
> UseSystemGroups=3Dno
> UseCVSGroups=3Dyes
> CVSServerRunAsUser=3Dcvsadm
> --- snip snip ---
>
>
> Thanks you very much.
> Fede
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for =
IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys =
admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id371&op=CCk =
<http://ads.osdn.com/?ad_id%1278&alloc_id371&op=CCk>=20
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li... =
<mailto:cvs...@li...>=20
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users =
<https://lists.sourceforge.net/lists/listinfo/cvsacl-users>=20
>

[cvsacl-users] Re: Doubt about recursive mode and acls

[sbaris <sb...@us...>]

Hi,

Currently, subdirectories does not inherit permission from parent.
So, if you create a new directory, you should set its acl.

I am working on this, and in a few weeks cvsacl will inherit permissions
recursively.

sb...@us...


----- Original Message -----=20
From: "Federico Edelman" <fed...@cl...>
To: <cvs...@li...>
Sent: Monday, December 29, 2003 8:28 PM
Subject: [cvsacl-users] Doubt about recursive mode and acls


> Hi, I'm testing the cvsacl patch. First, I'm installed
> cvs-1.11.10-cvsacl-1.1.3-patched version on a PIII with Debian =
GNU/Linux
> 3.0r1 kernel 2.4.23.
>
> Now, I need a good way to verify user permissions. I will have got
> different web-application projects. For example:
>
> /webroot/project1
> /webroot/project2
> /webroot/project3
>
> I will have got many users that's should be has got different acl. For
> example, "usera" -read- access to "project1".
> "userb" -read/write- access to "project1" and -read- access to
> "project2".
> "userc" -read/write- access to "project1" and "project3".
>
> I'm seeing the patch should be works.
>
> But, I'm having the following trouble:
> When the user is configured, he should be "free moving" into the
> "module-project". But, it isn't possible when he add/create a new
> directory/file. Because nobody can access if I don't run the following
> line:
> # cvs -d /webroot racl userX:cdwr -R -d projectY
>
> Does exist anyway to set the cvsacl options (like above) but the
> recursive mode will be permanent?
>
>
> This is my configurations options:
> # New repository (root)
> mkdir /webroot
> cvs import -d /webroot
> chown -R cvsadm:nogroup /webroot
> chmod 2770 /webroot
>
> # New module (root)
> cd /to/some/path
> cvs import -m "Begin project" project1 usera start
> chown -R cvsadm:nogroup /repository
>
> # Set user permissions for module (root)
> cvs -d /repository racl usera:cdrw -R -d project1
> chown -R cvsadm:nogroup /repository
>
> My aclconfig:
> --- snip snip ---
> UseCVSACL=3Dyes
> CVSACLDefaultPermissions=3Dn
> UseSystemGroups=3Dno
> UseCVSGroups=3Dyes
> CVSServerRunAsUser=3Dcvsadm
> --- snip snip ---
>
>
> Thanks you very much.
> Fede
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for =
IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys =
admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id371&op=CCk
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
>