cvsacl-users

[cvsacl-users] ACL Administrator

[Paola A. <pao...@or...>]

All,

I have CVS patched with CVSACL, It works perfectly, but I don't 
understand some things.

My CVS use pserver, for this reason I created passwd and group files in 
CVSROOT directory. Then, the ACL rules are based in cvs users and 
groups. I choose a cvs user as acl admin (acladmin), in others words, I 
execute the next sentence locally to the CVS server:
     $cvs racl  acladmin:p -r ALL -d ALL

After that, I set other permissions to the others cvs users and groups.

Everything works perfectly, the users use a WinCVS client and They just 
only make the operations that the ACL rules allow. But I don't 
understand the meaning of the acl admin, because a system user in the 
server makes changes in the rules without being an acl admin.

Am I doing something wrong?

Thanks in advance,

Paola

Re: [cvsacl-users] ACL Administrator

[sbaris <sb...@us...>]

System users in the server can make changes locally on CVSROOT/access =
file if file system
permissons are write enabled. You can give only read file system =
permisson to CVSROOT/access file,
so they cannot change the file locally on server.

cvsacl patch only works over pserver connection.
Local users using local cvs command on server does not affected from =
cvsal permissions,
so you may restrict users from logging in to server via telnet or SSH.

Regards,
sb...@us...
=20


----- Original Message -----=20
  From: Paola Attadio=20
  To: cvs...@li...=20
  Sent: Wednesday, November 24, 2004 4:13 PM
  Subject: [cvsacl-users] ACL Administrator


  All,

  I have CVS patched with CVSACL, It works perfectly, but I don't =
understand some things.=20

  My CVS use pserver, for this reason I created passwd and group files =
in CVSROOT directory. Then, the ACL rules are based in cvs users and =
groups. I choose a cvs user as acl admin (acladmin), in others words, I =
execute the next sentence locally to the CVS server:
       $cvs racl  acladmin:p -r ALL -d ALL

  After that, I set other permissions to the others cvs users and =
groups.

  Everything works perfectly, the users use a WinCVS client and They =
just only make the operations that the ACL rules allow. But I don't =
understand the meaning of the acl admin, because a system user in the =
server makes changes in the rules without being an acl admin.

  Am I doing something wrong?

  Thanks in advance,

  Paola

Re: [cvsacl-users] ACL Administrator

[Paola A. <pao...@or...>]

Thanks,

Best Regards,
Paola

sbaris wrote:

> System users in the server can make changes locally on CVSROOT/access 
> file if file system
> permissons are write enabled. You can give only read file system 
> permisson to CVSROOT/access file,
> so they cannot change the file locally on server.
>  
> cvsacl patch only works over pserver connection.
> Local users using local cvs command on server does not affected from 
> cvsal permissions,
> so you may restrict users from logging in to server via telnet or SSH.
>  
> Regards,
> sb...@us... <mailto:sb...@us...>
>  
>  
>  
> ----- Original Message -----
>
>     From: Paola Attadio <mailto:pao...@or...>
>     To: cvs...@li...
>     <mailto:cvs...@li...>
>     Sent: Wednesday, November 24, 2004 4:13 PM
>     Subject: [cvsacl-users] ACL Administrator
>
>     All,
>
>     I have CVS patched with CVSACL, It works perfectly, but I don't
>     understand some things.
>
>     My CVS use pserver, for this reason I created passwd and group
>     files in CVSROOT directory. Then, the ACL rules are based in cvs
>     users and groups. I choose a cvs user as acl admin (acladmin), in
>     others words, I execute the next sentence locally to the CVS server:
>          $cvs racl  acladmin:p -r ALL -d ALL
>
>     After that, I set other permissions to the others cvs users and
>     groups.
>
>     Everything works perfectly, the users use a WinCVS client and They
>     just only make the operations that the ACL rules allow. But I
>     don't understand the meaning of the acl admin, because a system
>     user in the server makes changes in the rules without being an acl
>     admin.
>
>     Am I doing something wrong?
>
>     Thanks in advance,
>
>     Paola
>
>
>
>