Re: [cvsacl-users] access file format issue of expanding sym links
Brought to you by:
sbaris
Menu
▾
▴
Re: [cvsacl-users] access file format issue of expanding sym links
|
From: <sb...@us...> - 2004-06-24 09:56:33
|
Hi Mark, patch 1.1.0 has some errors, I do not recommend you to use that. 1.2.0 is better than 1.1.0. 1.2.0 works good with symbolic links in repository, symbolic links does not expand in access file. Link to another directory in repository works just as that directory is a subdirectory of its parent. Regards, Baris sb...@us... ----- Original Message ----- From: "Mortensen, Mark" <mar...@th...> To: <cvs...@li...> Sent: Wednesday, June 23, 2004 7:05 PM Subject: [cvsacl-users] access file format issue of expanding sym links > While understanding that the new v1.2.0 patch appears to still be under > construction I have been doing some testing with patch 1.1.0 on cvs v1.11.5. > We have a need to restrict access to some modules (and their sub > directories) to a limited set of users. Our cvs server is setup as a > pserver and I am using the racl commands to implement restrictions from a > client machine. However, I am seeing that the directory names that are > getting placed into the access file inside the CVSROOT module on the cvs > server are incorrect. The problem I think is symbolic links. Here's the > scenario: > > - Setup CVSROOT on the client to: > > CVSROOT=:pserver:someadmin@hostname:/TEST > > - TEST is the repository however /TEST on the cvs server is a sym link to > /cvs/TEST on the physical drive. Inside the TEST repository is a module > called moduleA. > > - On the client the user someadmin executes: > > cvs racl restricteduser:n -r ALL -D moduleA -R > > - The output on the client console is: > > X /cvs/TEST/moduleA > X /cvs/TEST/moduleA/ant > X /cvs/TEST/moduleA/ant/bin > X /cvs/TEST/moduleA/ant/deploylib > X /cvs/TEST/moduleA/ant/lib > ... > > NOTE: See how the racl command has expanded /TEST to /cvs/TEST. > > - Inside the access file in the CVSROOT module the entries are: > > ... > d:/cvs/TEST/moduleA:ALL:restricteduser!n: > d:/cvs/TEST/moduleA/ant:ALL:restricteduser!n: > d:/cvs/TEST/moduleA/ant/bin:ALL:restricteduser!n: > d:/cvs/TEST/moduleA/ant/deploylib:ALL:restricteduser!n: > d:/cvs/TEST/moduleA/ant/lib:ALL:restricteduser!n: > ... > > - The problem is if the restricteduser attempts to checkout the module, > moduleA, they shouldn't be able to because I have set the permissions to > 'n'. 'n' means no access. However, the user can checkout the module no > problems. The restricteduser will setup the CVSROOT as above and execute: > > cvs checkout moduleA > > If I change the entries in the access file inside the CVSROOT module from > /cvs/TEST/moduleA to moduleA then the user has restricted access. > > Sure I could go and change the directories manually but our server has about > 50 modules and each module has about 100+ subdirectories to make this not a > feasible option. > > Here's the questions: > > - Why is the directories getting expanded and not just left as moduleA? > - Is there another way to use the racl command to not cause this behaviour? > (We need to have the sym link ability). > > -Mark > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > > > ------------------------------------------------------- > This SF.Net email sponsored by Black Hat Briefings & Training. > Attend Black Hat Briefings & Training, Las Vegas July 24-29 - > digital self defense, top technical experts, no vendor pitches, > unmatched networking opportunities. Visit www.blackhat.com > _______________________________________________ > cvsacl-users mailing list > cvs...@li... > https://lists.sourceforge.net/lists/listinfo/cvsacl-users > |
