Re: [cvsacl-users] "n" access gives empty dir structure

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

hi,

1) Which version, you are using? If you try new 1.2.0 then you will see
a new config keyword (StopAtFirstPermissionDenied).
If you set StopAtFirstPermissionDenied to yes
(StopAtFirstPermissionDenied=yes)
in aclconfig file, users with 'n' permission will be stopped whenever a
denied file/directory
encountered. That may work for you?
You can gine n permission to you top level files, so they cannot read.
(cvs -d /path/to/repository racl userA:n -f somefile.txt)

2) Yes, you are right. acl, and racl commands changes access file in
CVSROOT.
aclconfig file is in checkoutlist. (aclconfig,v exists).
But access file is not in checkoutlist, it does not work if you put it in
checkoutlist.
CVS users should have read access to these files.

sb...@mi...

----- Original Message ----- 
From: <cv...@ab...>
To: <cvs...@li...>
Sent: Saturday, February 14, 2004 6:42 PM
Subject: [cvsacl-users] "n" access gives empty dir structure

> Hello:
>
> I have just successfully installed and configured cvsACL for the
> first time, so please
> forgive the beginner questions.  However, I have two questions
> that I would appreciate
> any assistance you may be able offer.
>
> 1) I have configured my default ACL (for a specific sensitive
> CVS repository) to be "n"
> via the CVSACLDefaultPermission value in the aclconfig file.
> Then, I configure the
> other ACLs, (r, w, etc.) for the certain users that should have
> access in this case.
> This seems to be working fine in terms of allowing access where
> needed and denying
> access as needed with a few exceptions.  First, any user (even
> those with "n"
> permission") will still receive the entire directory structure
> of the repository in
> question.  Note that they do NOT recieve any files that they do
> not have access to,
> but they still receive an empty directory structure for those
> dirs nested well into
> areas that they have no permissions?  Now, I understand that
> they really aren't getting
> any useful data here, but I would like to have them avoid
> getting even the empty dir
> structure below where they are authorized.  Similarly, there are
> several "top level"
> files (not directories) that any user will get - even the "n"
> users.  I'd appreciate
> any explanation and/or assistance as to how this can be avoided.
>
> 2) Finally, are the access and/or aclconfig files typically
> added to the CVSROOT
> checkoutlist?  I've noted that the racl command seems to write
> to/delete this file
> whenever it runs and I'm wondering how this functioning would be
> affected if these
> files become read-only as members of the CVSROOT checkoutlist.
>
> Thanks in advance!
>
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> cvsacl-users mailing list
> cvs...@li...
> https://lists.sourceforge.net/lists/listinfo/cvsacl-users
>