[ On Wednesday, August 9, 2000 at 12:03:02 (+0800), Mark Harrison wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Greg A. Woods <[EMAIL PROTECTED]> wrote:
> > In fact you can get more powerful ACLs than unix normally offers by
> > default by simply switching to a type of Unix system that offers more
> > powerful ACLs. These types of systems are not rare and are available
> > specifically because there are indeed valid reasons why someone might
> > want
>
> Could you provide pointers to some of these systems? I tried Solaris
> ACL and was rather unsuccessful with making it do anything useful.
I don't think any of them are very much different than any other.
Either those in Solaris, or HP/UX, or anything like them, should have
the same effect.
The trick is to use them correctly, just as you would have to use
permissions and ownerships correctly without full ACLs. Any kind of
access control mechanism, be it traditional unix-style permissions, or
full ACLs, will only have the desired effect if it is placed on the
directories in the repository. You won't get what you're looking for if
you try to use them on the RCS files themselves, particularly because
CVS does not itself do anything with ACLs (at least for now).
Note that I say CVS doesn't itself do anything with ACLs -- it merely
honours them, or rather is forced by the system to honour them. This
means that you'll probably have to either be very careful to set them on
the top level directories in each module so that only those users who
are authorised to work in that module are allowed to even descend beyond
these module roots; or you'll have to periodically check and update the
ACLs on all directories in your repository.
See the first paragraph of the section on "File Permissions" in the
manual.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
