Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hello all, after I got my repository working again going back to a previous version and had a look at the permissions in that process, I'd like to get to the ground of the permission system. Basically, my problem is that I'd like to give users read/write or read/only access to directories within the directory tree without them seeing what's up the tree. I have done that mostly with Win2k file system permissions (see below for a description of the setup), but the problem with that is that the users see what's in the directories that they traverse. For example a user has access to Client/Dir but not Client/Private, that's what they see upon checking out Client: cvs server: cannot open E:/repositories/projects/Client/Private/.perms: Permission denied cvs server: cannot open directory E:/repositories/projects/Client/Private: No such file or directory cvs server: skipping directory Client/Private If I use the cvs chacl command, it looks better, but is also visible: cvs server: User 'restricted' cannot access /projects/Client/Private My questions are: - Is there a way to configure the permissions (Win2k and/or cvs) so that the user can traverse a directory, but doesn't even know about the files and directories he is not allowed to access? - Is it safe to abandon the Win2k access restrictions and exclusively rely on the cvs chacl permissions? The log output looks rather messy when using the Win2k permissions on a directory basis. To do it right, one would have to grant read access to only the .perms file (possibly also the .owner file) in a directory, which gets pretty messy to configure. Thanks for any tips, Gerhard ------------------------------------------------------------- Here is a quick run down on the permissions I have set on the server (Win2k): - RepositoryRoot: Full Control for admins, service and system only (inherited throughout the repository) - RepositoryRoot/CVSROOT: added Read for all other users - RepositoryRoot/CVSROOT/history and val-tags: added Modify for all other users - traversal access to a module (that is if I want a user to have access to a sub-module): add Read access for that user - read-only access to a module: add Read and List Folder Contents access for that user - normal read-write access to a module: add Full Control for that user - the temp directory is outside the repository root, and Everyone has Full Control - in the CVSROOT/config file I have a line with LockServer=localhost:2402 and also one with LockDir=... (also with Everyone having Full Control to the lock dir). Do I need the LockDir entry at all, using LockServer?