Re: don't allow a cvs user to execute a specific CVS command

[Jesus Manuel NAVARRO LOPEZ]

Hi, JM:

JM Murillo wrote:
> 
> I would like to allow to specific user U1 to execute only the CVS
> subcommands defined by the CVS admininstrator.
> for example the user U1 can´t execute the cvs "import" subcommand, because i
> don´t want allow him to import files to the repository.
> 
> Is there any way to restrict specific subcommands to specific users?
> 

I don't know if there a tool/patch to do exactly what you want (though I
think I remember someone announcing such a patch)
Anyway, how about a workaround?
Usually the main groups you need to stablish are:
no-access
read-only
read-write.

These can be achived two ways:
If read-only group is a global one (ie: not per project/module etc), and
you're not worried about the no-access group, then you can just give
anonymous access (read-only) and authenticated access (read-write).

If it is not the case, then you can go with filesystem perms:
If a user is not on group X, then she will be able to write, but not if
she doesn't belong to (thus effectively impeding commit).
If not having and account, then no access at all.
The usual filesystem tricks will offer you a bit more granularity,
though if your environment is complex enough, you will need to go with a
OS/filesystem with proper ACLs in place (beyond UGO schema, I mean).
-- 
SALUD,
Jesús
***
address@hidden
***