[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Directory-level access control?

From: Noel L Yap
Subject: Re: Directory-level access control?
Date: Fri, 6 Oct 2000 09:41:36 -0400

Setting up something like this would probably be more maintainable if your file
system supports ACLs and you use them along with the more traditional Unix
permissioning (man setfacl for more info).  The gist of ACLs is that you can
assign one directory to be writable by any number of users/groups, read-only to
another set of users/groups, and no permissions to yet another set of
users/groups without polluting /etc/group.


address@hidden on 2000.10.05 17:20:42

To:   address@hidden
cc:   address@hidden (bcc: Noel L Yap)
Subject:  Re: Directory-level access control?

address@hidden wrote:

> This all works well, and seems to be reasonably secure. However, what
> I REALLY want to do is use just one repository for the whole she-bang,
> and have directory-level access control. i.e. a directory accessible
> by both companies may contain a directory accessible by only one
> company, or a directory accessible by only one company may contain a
> shared directory.

Yes.  You can do it using standard UNIX permissions & groups.  Everybody
should be able to write the CVSROOT/history file as well.  If you have
any directories you wish to be read-only to one company and writable by
the other you will need to set the LockDir in CVSROOT/config to something
writable by everyone from both companies.  Look up the config admin file
in the Cederqvist.


Derek Price                      CVS Solutions Architect ( )
mailto:address@hidden     OpenAvenue ( )
Metaphors be with you.

Info-cvs mailing list

This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]