[cvsacl-users] access file format issue of expanding sym links
Brought to you by:
sbaris
Menu
▾
▴
[cvsacl-users] access file format issue of expanding sym links
|
From: Mortensen, M. <mar...@th...> - 2004-06-23 16:03:01
|
While understanding that the new v1.2.0 patch appears to still be under construction I have been doing some testing with patch 1.1.0 on cvs v1.11.5. We have a need to restrict access to some modules (and their sub directories) to a limited set of users. Our cvs server is setup as a pserver and I am using the racl commands to implement restrictions from a client machine. However, I am seeing that the directory names that are getting placed into the access file inside the CVSROOT module on the cvs server are incorrect. The problem I think is symbolic links. Here's the scenario: - Setup CVSROOT on the client to: CVSROOT=:pserver:someadmin@hostname:/TEST - TEST is the repository however /TEST on the cvs server is a sym link to /cvs/TEST on the physical drive. Inside the TEST repository is a module called moduleA. - On the client the user someadmin executes: cvs racl restricteduser:n -r ALL -D moduleA -R - The output on the client console is: X /cvs/TEST/moduleA X /cvs/TEST/moduleA/ant X /cvs/TEST/moduleA/ant/bin X /cvs/TEST/moduleA/ant/deploylib X /cvs/TEST/moduleA/ant/lib ... NOTE: See how the racl command has expanded /TEST to /cvs/TEST. - Inside the access file in the CVSROOT module the entries are: ... d:/cvs/TEST/moduleA:ALL:restricteduser!n: d:/cvs/TEST/moduleA/ant:ALL:restricteduser!n: d:/cvs/TEST/moduleA/ant/bin:ALL:restricteduser!n: d:/cvs/TEST/moduleA/ant/deploylib:ALL:restricteduser!n: d:/cvs/TEST/moduleA/ant/lib:ALL:restricteduser!n: ... - The problem is if the restricteduser attempts to checkout the module, moduleA, they shouldn't be able to because I have set the permissions to 'n'. 'n' means no access. However, the user can checkout the module no problems. The restricteduser will setup the CVSROOT as above and execute: cvs checkout moduleA If I change the entries in the access file inside the CVSROOT module from /cvs/TEST/moduleA to moduleA then the user has restricted access. Sure I could go and change the directories manually but our server has about 50 modules and each module has about 100+ subdirectories to make this not a feasible option. Here's the questions: - Why is the directories getting expanded and not just left as moduleA? - Is there another way to use the racl command to not cause this behaviour? (We need to have the sym link ability). -Mark ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ |
