Re: [cvsacl-users] How Stable is CVS ACL
Brought to you by:
sbaris
Menu
▾
▴
Re: [cvsacl-users] How Stable is CVS ACL
|
From: Stig H. <sti...@cy...> - 2004-10-27 10:10:06
|
bit...@gm... wrote: >Hello everybody, > >I'm new to cvs and got a few questions for a project in my company. >I'm looking for a way to manage access a CVS repsitory with differnt user >permissions to the files and directories on linux. Searching in google >haven't brougt good ideas to me. >CVS uses in fact, to manage access the file permissions of the file system and >optionally, the permissions in writers and readers if you have set them. >The bad thing is, that I cannot do some finetuning on the system. >When I have 5 Projects, for example with 5 different groups I cannot give an >user which belongs to project1 group write access to the project2 directory >which belongs to a other group without the option that the other members of >project1 group cannot access project2 dir. >First I thought, I can solve this problem with the use of the posix acls in >ext3. But in my tests a cvs commit with pserver of a modified file changes >the the owner and group of the file to the user id and group I do the commit. >The attributes which I set before with setfacl are lost then after commit. >And finally I haven't find a way that CVS keep the file permissions and >uid.gid on commit as they are in the repository. :-( > Using pserver connects, you can control which user the cvs server runs as using the 3rd column in the passwd file local to cvs (in CVSROOT directory). Utilizing that enables you to get what you want by setting the 's' bit on owner+group on directories and defining runas-users correctly in UNIX. Or eventually by using posix acl's. In other words: If you can make the setup via normal UNIX users, you can do also in cvs - but it can be rather complicated.... >So I think the use of CVSACL would be the best way to manage the >Repository. ;-) > Yes! It is far easier and you avoid double administration (just cvs instead of UNIX and cvs). >But why is CVSACL only a patch and is not included in main cvs? >Is it in time more testing, or can it be use in a productive enviroment? >For examle on a cvs server in company without the risk of loosing data or >server crashing. > cvs with or witout cvsacl is NOT a safeguard against dataloss and/or corruption. Backups are! Having said that, then I have yet to see cvs corrupting or losing data by itself - and I have used cvs for several years. |
