--- Nick Papadonis <[EMAIL PROTECTED]> wrote: > Dusan Juhas <[EMAIL PROTECTED]> writes: > >> I have a CVS folder which I don't want to be > checkoutable (this has been > >> achieved simply by chmod the appropriate rights). > However, it has a > >> subfolder which I do want people to be able to > checkout/update from BUT > >> not > >> being able to commit to. Is this possible to do? > > For preventing commits, check out the 'cvs_acls.in' > script. This > worked well for me. > > It's included with the CVS source in ./contrib.
This script looks like it's great to control checkins on a per user, per module, and per branch basis. Some comments: 1. It does nothing to control checkouts (as the original poster requested). Aside from putting the module on a box with no access to users, I think the only other way to prevent checkouts is through turning off read permissions. 2. Access control is much easier done on a per-group basis rather than on a per user basis. 3. Per branch access control is not secure since users still have access to the archive files. IMHO, it'd be nice if CVS broke out each branch into a separate directory in the repository. 4. If security is deemed necessary, file system permissions will still need to be used to restrict repository privileges. If one relied solely on this script to restrict access without taking care of repository file system permissions, users will be able to subvert the protections. HTH, Noel __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
