[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: acl for cvs try II
Re: acl for cvs try II
Mon, 30 Jun 2003 14:46:25 -0500
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030313
Edward Peschko wrote:
>On Sun, Jun 29, 2003 at 09:42:11PM -0500, Corey Minyard wrote:
>>Have you looked at my patch, at http://home.attbi.com/~minyard/? It's
>>been around for a while and is well tested, and implements full ACLs
>>(per directory, per file, and per branch) within CVS, and has a lot of
>well I wasn't aware of it before I started coding, but yeah I looked at it, it
>little bit more complicated/'batched up' than I wanted (ie: you've got other
>that don't relate to acl.) Also I wanted something simple, wasn't sure how
>easy to use
>your solution was.
Yes, it has a few other things, too. It's not terribly difficult to
use, but it may be difficult to use it to achieve what you want.
>Anyways, I'm not against your patches (ie: if they are the standard acl for
>cvs, I'd be
>more than happy to use them), but I had a couple of questions:
> 1) is your acl mechanism backwards compatible with existing cvs
Yes. You can't do ACL operations, obviously, but the ACLs are enforced.
> 2) how do you use your acl?
Each directory has an owner and a set of permissions. The owner (or an
admin) can set the permissions for directory/files/branches or assign a
new owner for the directory. Permissions can also propigate directories
(you can assign them at a base directory and with a command-line option
to the server have the propigate to subdirectories. propigation can
also be blocked).
Maintenance of ACLs is through new CVS commands.
It is not centralized, though.
>#1 is key for me - I need something where I don't need to download a new
>everyone who wants to use ACL. #2 is pretty important too - I want something
>one file that I can check and see at a glance who has access to what. If #1
>and #2 holds
>for your patch, then like I said I'd be more than happy to use it.
For single file centralized access that the users don't have control
over, I believe you could easily set up a shell script to handle that.
No need to modify CVS. I've never done it, but if that's what you want,
I'd recommend trying the shell-script approach. It will be easier to
maintain in the long-term.