> PVCS (apparently?) provides security on a file by file basis.
> Or, at least an 'object by object' basis (or, in my CVS world, a
> "directory by directory" or, "module by module" basis )
> on a user by user basis. Where
> user A can check
> out a directory, but not check in changes. User B can not
> check out _that_ dir,
> but can check out some other dir. And User C can checkout and
> checkin those
> dirs.
>
> Relying on *nix security wouldn't work here because Solaris
> is the *nix and it has issues with the number of groups that a user can
belong to.
> And, we'll be needed some 20-30 groups, times 2 for read access and write
access.
It sounds to me as if your needs might be met by running
CVS on top of AFS or DFS - products which *are* available
for Solaris and NT (I was at a site using them until last month).
CVS has no access control to speak of, relying instead
on the underlying OS / FS.
AFS gives you ACLs per directory. Not quite as good as NTFS,
but probably enough. AFS avoids Solaris' group limits.
You would need to give the NT programmers a way to SSH
into the UNIX system on which AFS/CVS is mounted....
hmm, maybe not. SSH access to a CVS server might be okay,
but lots of us use CVS on networked filesystems,
although apparently there are performance problems.
Anyway, if you go the CVS server route, you would want to
give the NT programmers a way to SSH in, and a way to
manipulate AFS groups and permissions.
> Relying on NT security (since most of the developers will be
> playing on NT) always gives me a good laugh,
> so I bring it up for you to also enjoy.
I'm not so sure I would agree here. If Microsoft has gotten
rid of the last cleartext passwords, the basic security architecture
of NT is better.
