Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
>> I'm running a cvsnt server on a Win2k machine, using the sspi protocol, and >> would like to restrict access to the admin command. >> >> I have tried to create admin and passwd files, I have tried to set >> SystemAuth to yes and to no, but it seems normal users that are not part of >> the Administrators group on the server still have access to the admin >> command. Ok, after further investigation I found out that the cvs admin command is not treated as one command in terms of permissions. Most options (like -o, delete revisions) are restricted to admins, while the -k option (change file options) is not restricted. Unluckily this option has been my test admin command... :-\ To summarize: If I read the source correctly, an entry in the admin file always gives a user admin permissions. (This seems to require an entry in the passwd file, too, independently of the protocol used.) If there is no entry and SystemAuth is set, it checks whether the user is in the Administrators group (on Windows, on Unix that's a compile-time configurable group, usually cvsadmin). Is there anywhere some documentation about all this? I can't remember having read anything that mentioned the -k exception. It seems I need to use the source more than I used to, to find out how things are supposed to work... :) Thanks, Gerhard