info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: As if there wasn't enough discussion about access control...


From: Kaz Kylheku
Subject: Re: As if there wasn't enough discussion about access control...
Date: Thu, 27 Sep 2001 19:10:55 GMT
User-agent: slrn/0.9.6.3 (Linux)

In article <address@hidden>, Jimmy Rimmer wrote:
>I've set up CVS on a Linux server.  We access it over SSH.
>
>Currently, access is through group permissions; if you're a member of the
>'cvs' group on the Linux box, you have full access the repository.  But if
>you're not...
>
>I'd like to be able to establish some sort of "checkout-only" access for the
>folks in marketing.

Since they probably use Windows, you can give them a hacked version in WinCVS
which has all elements related to committing removed.

> Is there a way to create such a thing using Unix file
>permissions?  Or do I need to dig into the administrative files?

The easiest way is to make a ``cvsusers'' group and put all the developers
into it. Ensure that only cvsusers have write access to files and
directories; all other users have read-only access.

Don't forget to enable the setgid bit on all directories, so that newly
created files and subdirectories inhert the group ownership.

In addition, ensure that umask is set up properly in /etc/profile
(or wherever it may be) with at least 002 to deny writing to others.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]