This is probably one of those questions that keeps appearing in this list with a quite annoying frequency _but_, as I haven't found anything in the CVS documentation, neither in sourcefoge, savanah nor in google, I'll ask it here anyway - perhaps it is not really a frequentily asked question.
I and some pals are installing CVS in a box to provide CVS repositories to students of our course. We are planning on doing something similar to SourceForge[1]: every student having complete control over it's own repository and over the projects inside it, ie., control on who can access what in his repository[4]. We also wanted for the repositories to be sowhat similar to public_html dirs: directories inside the user home_dir that have its contents's size taken in account in the users filesystem quotas. Thing is, with plain CVS tools this seems pretty much un-pratical and kind of insecure: in order to give each studant complete control on his repository,from what I've read about CVS, I would have to use pserver[2], for it is the only one that provides user authentication and control based on per-project user-editable password files. All the others kind of access seem to do not have such kind of control. Perhaps it is not really all that complitated to do this with pserver, as I could easily put each user repository as a directory inside the user home dir and have the user and the contributors of its projects "pserver" to that repository anyway, but: * I would have to tell pserver that there is a new repository to be server as well ( no problem, can be done with a update script that edits a list of repositories to be passed to the pserver daemon. Debian CVS admins may have a clue of what I'm talking about more precisely ) * pserver has to be run as root? It really needs RW control on the repositories, what would easly be "satisfied" by having the repositories chgrp'ed cvs/source and having cvs running as user nobody, group cvs/source. But then, if a user commits a SGID script, would then this script be able to delete all the contents of others' repositories?! Does CVS clean SUID and SGID bits? * wrost, if cvs really has to be run as root to provide the functionallity we want, by editing a project CVSROOT/passwd file and malicious setting the "system/real user" ( what's the word cvs documentation uses for this?!) of one its project users, He could gain "root" access or have his files writen and theirs size accounted on someone else's filesystem quota. So, is there a pratical way of doing what we want with CVS? I could always install SourceForge or Savanah code ( are the easy to install in first place?! ) but I belive there must be a "simpler" ( or, more elegant ) way of doing this. We would really apreciate any clues you guys can give us. Thanks in advance. []s MaCa [1] I've never uses SF as a project ownner, so i'm pretty much guessing how things should work there.... [2] If it was possible, I'd rather use SSH[3] as authentication and access mechanism, instead of pserver, but then i loose the possibility of having the per-project user-editable password/control files. [3] If there was support for ACL[5] in linux, we could just ignore all those little issues and use CVS + SSH + all the stuff we need. [4] Before anyone suggestes using groups, the problem with groups is that I would have to create a group to each project of each student. Ok, it _is_ a possible solution but i really thing that the groups solution tends to make things get messy and not to scale well. [5] OK, jfs supports ACL but isn't there a cleaner way?! Some sort of way that doesn't depends on having file-system conversions, backups and such?! _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs