Hi, Imre. I setting up something pretty similar to what you looking to do. --- Imre Oolberg <[EMAIL PROTECTED]> wrote: > What i have in mind is a sinlge repository, accessable over pserver and > CVS users are not native UNIX users. Under the repository i plan to set up > several cataloges ie projects and i want to restrict access to certain > projects only to certain CVS users. > So i though, i define separate modules according to a projects and > 'somewhere' show what CVS user is permitted to deal with which module. I > think it doesnt need to be more grained like to provide some users read-only > and > other read-write access. Just access vs no-access. > But i couldnt figure out where is that 'somewhere' :( If you want multiple projects in one repository while controling access on the project level, you will have to have a different group for each project directory structure. Either the user's unix id has to be in the proper group for the project (pserver as root), or the cvs pseudo user has to be in the proper group for the project (pserver as non-root). Since your users won't all have unix ids, you will need a psudeo user for each project, and map the user to the proper psuedo user in CVSROOT/passwd. I prefered not to have to worry about maintaining a psudeo cvs account per project, so I went with your approach below. > Other possibility, i guess its the way i need to go is to create for each > project separate repository. But at some point inside the repository my > appear the need to differentiate the users anyway. So this is temporary > solution. Here you can have one non-root cvs psuedo user to run the cvs pserver. Here you can have one group to own all repositories (no users should be in that group, of course). This means even a user happens to be on the server, the user must connect via pserver. Have one passwd file be the master, have all other CVSROOT/passwd files symlink to it. Create a writers file in each repository to control access to each repository. > In addition there was warning that inetd.conf allows its lines to be fixed > length and it might be a problem with multiple repositories. I need to > check it out on my system which is slackware current but may become any > linux if it needs to) I have tested up to 30 cvsroot --allow-root options in a pserver call. I don't think there is a limit to the number of --allow-root options. Of course I don't use the standard CVS manual inetd.conf line. I have a c program in inetd.conf, call it pcvs, that dynamically reads a config file for a list of cvsroots, then calls pserver as per CVS manual. I run it on solaris, you should be able to set it up on linx also. It propably doesn't have to be a c program, a perl script might work also. Hope something here helps. ===== \=======================\ \==\ Mark O'Brien \==\ CM Consultant \==\ [EMAIL PROTECTED] \=======================\ __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
