Well, your problem seems quite like mine. We have our repository mounted on nfs and there is one setGuid "cvs" binary placed. The whole repository and code is in one user permission only and the "cvs" is setGuid for this user. A normal user will execute this setGuid "cvs" and checkout/checkin the code. To limit some users for doing some basic operations I have installed a perl script to check the user id ( not effective group id, because that is set by setGuid "cvs") and do basic ACL checking.
But I am not sure how to disable users while checking out the modules. I think module file comes into picture only after code is checked out. But my ACL checking at least limits them to do any modifications in the CVS :-) that was my basic concern. I hope this may be of some help to you. Regards, Vishal Jain -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, March 01, 2002 1:48 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Restricting access to certain modules in a repository Schlitz writes: > > I have a basic system 'cvsuser' user that is used in the passwd file as the > system user name for all users. Hmmm. > Because the repository is on some kind of network-attached drive (which I > have no knowledge of), there are (so the sysadmins tell me) complications > that prevent us from using unix group permissions facilities to control > access to the different modules in my repository. Having the repository on a network file system is a very bad idea -- we've had lots of reports of repository corruption caused by subtle bugs in network file systems. I strongly suggest moving your repository to a local disk, which would also avoid the problem with using group permissions. > Is there any way to control all access to some modules in a repository in > this scenario? I use scripts to control commit permissions by user name on > a per-module basis, and do the same for tags, etc....is there a similar > facility that can be used for checkouts, or some other technique? You might be able to use the userid rather than groups, the key point being that a user only has one userid whereas a user can belong to lots of groups. Other than that, I think you're stuck -- there's no script that's guaranteed to be run during a checkout. -Larry Jones Physical education is what you learn from having your face in someone's armpit right before lunch. -- Calvin _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
