foomonkey wrote:
Hello. I have a repository configured and working with pserver. I want
to restrict user's permissions on subdirectories in the repository. I
don't want user A to see user B's projects and vice versa.
In my $CVSROOT/CVSROOT/passwd file, I have something like:
divap:YBGW948yOKKSA:cvsadm
divap is a user on the system. The user id under which CVS runs is
'cvsadm'. In $CVSROOT, I have a subdirectory that looks like this:
drwxrws--x 3 divap dhdev 512 Jul 06 17:16 divap/
This all works fine except that, the pserver user divap can read ALL
the projects in all the other subdirectories because on the server, he
is actually running as cvsadm (see the passwd file entry above).
If I change the passwd file to look like this:
divap:YBGW948yOKKSA:divap
I get an error when I try to run a 'checkout' on a project in the divap
directory that says:
cvs [checkout aborted]: unrecognized auth response from cae1axp1:
setgroups: Not owner
I don't want everyone to run as the administrator account (cvsadm) and
the docs seem to indicate that they can run as themselves (their shell
accounts) but I get the above error.
Any help would be GREATLY appreciated.
Andrew
Obviously "divap" does not have write access to the repository structure.
In my pserver setup, the repository directories & files are owned
"cvs:cvs", and my users run "<username>:<password>:cvs". My admin users
DON'T have the ":cvs" part at the end, but instead are members of the
linux group "cvsadmin", who are granted access automatically (I'm not
sure if it's by pserver or by CVS itself).
Note: I am told it is ill-advised to use admin accounts for regular use.
To get back to the original requirement (restricting access on a
per-project basis), I believe that CVS/pserver does not conveniently
suppport the granularity of access you require.
julian.
_______________________________________________
Info-cvs mailing list
Info-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/info-cvs