[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: acl for cvs try II
From: |
Corey Minyard |
Subject: |
Re: acl for cvs try II |
Date: |
Mon, 30 Jun 2003 14:46:25 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030313 |
Edward Peschko wrote:
>On Sun, Jun 29, 2003 at 09:42:11PM -0500, Corey Minyard wrote:
>
>
>>Have you looked at my patch, at http://home.attbi.com/~minyard/? It's
>>been around for a while and is well tested, and implements full ACLs
>>(per directory, per file, and per branch) within CVS, and has a lot of
>>users.
>>
>>
>>
>
>well I wasn't aware of it before I started coding, but yeah I looked at it, it
>looked a
>little bit more complicated/'batched up' than I wanted (ie: you've got other
>changes
>that don't relate to acl.) Also I wanted something simple, wasn't sure how
>easy to use
>your solution was.
>
Yes, it has a few other things, too. It's not terribly difficult to
use, but it may be difficult to use it to achieve what you want.
>
>Anyways, I'm not against your patches (ie: if they are the standard acl for
>cvs, I'd be
>more than happy to use them), but I had a couple of questions:
>
> 1) is your acl mechanism backwards compatible with existing cvs
> clients/servers?
>
Yes. You can't do ACL operations, obviously, but the ACLs are enforced.
> 2) how do you use your acl?
>
Each directory has an owner and a set of permissions. The owner (or an
admin) can set the permissions for directory/files/branches or assign a
new owner for the directory. Permissions can also propigate directories
(you can assign them at a base directory and with a command-line option
to the server have the propigate to subdirectories. propigation can
also be blocked).
Maintenance of ACLs is through new CVS commands.
It is not centralized, though.
>
>#1 is key for me - I need something where I don't need to download a new
>client for
>everyone who wants to use ACL. #2 is pretty important too - I want something
>centralized,
>one file that I can check and see at a glance who has access to what. If #1
>and #2 holds
>for your patch, then like I said I'd be more than happy to use it.
>
For single file centralized access that the users don't have control
over, I believe you could easily set up a shell script to handle that.
No need to modify CVS. I've never done it, but if that's what you want,
I'd recommend trying the shell-script approach. It will be easier to
maintain in the long-term.
-Corey