> Tony Cleveland wrote:
> The taginfo script will
> definitely work for what I was trying to do, I had not thought of that.
> The only drawback is that you end up with another authorization file
> "taggers" that needs to be maintained.

I'm actually (in my free time) working on a crappy little Perl harness
that you'd install in commitinfo, loginfo, taginfo, verifymsg, etc. that
would normalize these various files/hooks on top of a basic access
control architecture (the way it should have been done, as far as I'm
concerned, in CVS to begin with, but I'm not complaining as I didn't
write it).  Then, for example, you'd just save one file (or stuff
something in a database somewhere) saying what users can do what.

Remember, in ACL systems you can either:
1. Hang an ACL off of the guy that lists what he can do to what objects
2. Hang an ACL off of the object that lists what guys can do what to him
3. Hang an ACL off of the action that lists what guys can do said action
on what objects

Since, in CVS, the number of objects is always growing (i.e. the files
in the repository), the number of actions is (relatively :-)) constant,
and the number of users is typically moderately small and managed by the
OS, I'm going with approach (1) above.

> The only thing that comes to mind about how to implement this in a
> more generic sense would be to modify the format of the passwd file.
> Fields would have to be added that would control the different
> types of permissions. The main benefit of this would be a single point
> of administration which IMHO is a big usability point.

Your suggestion here also opts for option (1), but I personally wouldn't
throw this information in the passwd file.

Cheers,
Laird
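
An added illustration of approach (1) from the message above, with one user-keyed file consulted by every hook; it is not Laird's Perl harness and is written in Python. The ACL file format, the `HOOK_ACTION` mapping and the function names are assumptions made for this example.

```python
import fnmatch
import posixpath

# Constructed sample of a single, user-keyed ACL file (hypothetical format).
SAMPLE_ACL = """\
# user   action  repository-path glob
alice    commit  src/*
alice    tag     *
bob      commit  docs/*
"""

# Assumed mapping from the hook file that invoked the harness to an action.
HOOK_ACTION = {"commitinfo": "commit", "taginfo": "tag"}


def parse_acl(text):
    """Return {user: [(action, glob), ...]}; a malformed line is an error."""
    acl = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 'user action path'")
        user, action, pattern = fields
        acl.setdefault(user, []).append((action, pattern))
    return acl


def is_allowed(acl, user, hook, path):
    """Default deny: unknown hook, unknown user or unmatched path all fail."""
    action = HOOK_ACTION.get(hook)
    if action is None:
        return False
    # Normalise so 'docs/../src/x' is checked as 'src/x', and refuse
    # anything that is absolute or escapes the repository root.
    norm = posixpath.normpath(path)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return False
    return any(a == action and fnmatch.fnmatchcase(norm, pat)
               for a, pat in acl.get(user, []))


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for args in [("alice", "commitinfo", "src/main.c"),
                 ("bob", "taginfo", "docs/README")]:
        print(args, "->", "allow" if is_allowed(acl, *args) else "deny")
```

Because the rules hang off the user, adding files to the repository needs no ACL change unless a new path falls outside the existing globs.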
