Re: locking a file

[David H. Thornley]

address@hidden wrote:
> 
> I have aproblem that a user can unlock (cvs admin -u) a file locked
> by other developer. Is there a way to prevent this behavior?
> p.s
> I'm using cvs 1.11 on Linux
> 
Some people will say that the problem is that you're using
cvs admin -l to lock files, instead of using CVS for concurrent
development as it was intended to be used (or using the "cvs edit"
and "cvs watch" commands that are all that should be necessary for
locking - if they aren't, fire your developers).

However, for Unix (which I am going to assume unless told otherwise),
if there is a group called "cvsadmin", then members of that group,
and only members of that group, can use the "cvs admin" subcommand
(except for the "-k" option).  (This is according to the manual
in texinfo form that should have come with your distribution.)

Therefore, if you create a "cvsadmin" group, and include
developers, and not users, then the developers can abuse the
"cvs admin -l/-u" facilites without interference by the users.

If you've already got this group, you've obviously put developers
and users on it.  If not, then it isn't any sort of added security
problem to give developers permission to do what they already
can do.

If you aren't the sysadmin, then, talk to the sysadmin.  Adding a
group, and adding members to the group, is fairly easy.

-- 
David H. Thornley                          Software Engineer
at CES International, Inc.:  address@hidden or (763)-694-2556
at home: (612)-623-0552 or address@hidden or
http://www.visi.com/~thornley/david/