Repository management

[Jason Henry Parker]

Hi list,

I'm responsible for reconfiguring our CVS repository where I work.
What we have currently is an NFS-shared CVS root, using standard UNIX
file permissions to control access.  There is one Windows user using
Samba and WinCVS (1.0.6) who is having a great deal of trouble.

The proposed solution is to move the modules available to a new
repository accessible through pserver[1], with all files owned by a
cvs user and group.  Thus all the password entries for a project would
look like:

        user1:crXXXXXX:cvsuser

We're wondering if it wouldn't be better to divide the repository up
on a per-customer basis, since some employees should not be able to
read (let alone write!) some data, such as in-confidence customer
data, or projects under NDA.  If we do this, then I imagine each
repository will need to be owned by its own user and group (not too
hard), and the data will need to be moved out of where it is now.

1. Will simply copying the existing directories work?  What about the
   CVSROOT/history file?  What about other metadata in CVSROOT/ ?

2. Alternatively, is it possible to tweak CVSROOT/ to make some
   directories readable or writable by only some users, or do I have
   to resort to messing with UNIX file permissions?

3. The CVS book says CVSROOT/ needs to be writable by everyone.  My
   plan is to make CVSROOT/ writable by world, and all the files
   (except CVSROOT/history) writable only by a cvsadmin user.

Any advice is more than welcome.

[1] : We're not concerned about pserver's security limitations as this
      host is not on our external network.  However, I can see a
      project on sourceforge called cvsauth which uses SSL---does
      anyone have experience with it?

Cheers,
-- 
Jason Henry Parker      ``Choose mnemonic identifiers.  If you
address@hidden    can't remember what mnemonic means,
 address@hidden         you've got a problem.'' -- Larry Wall