Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Mike Wake wrote: > cvs -d sspi;username=naughtyuser;hostname=mycvsserver:/MyLockedDownRepos > checkout _all (in directory D:\HowItCouldBeDone) > cvs [checkout aborted]: cvs [server aborted]: Repository directory > /home/cvsuser/CVSREPOS_LOCKDOWN/MyLockedDownRepos does not exist: > Permission denied You have completely denied access to the repository for those users. The whole path is given in the error here because it's a configuration failure - the server can't access it (or even verify it exists). You can perform a lockout like this by denying access to CVSROOT or even just CVSROOT/config. > Would you recommend that I remove them if I am totally sure that I don't > want to revert to an older version of the server (Be assured that I > don't, If it were possible for this version ;) )? You might as well - everything is in the fileattr.xml files now. > I haven't played with/completely missed the deny ( ie noread, nowrite ) > stuff. When I was experimenting with this a few months ago I was trying > to explicitly and recursively allow read by users that fall into the > "default" category. And I was not not setting anything else for the > default user. I was assuming that not setting "write" was equivalent to > using "nowrite" The default is 'allow everything' (for compatibility), so it's the other way around at the moment (there's an implicit default 'allow all' ACL in the root of the repository). > Instead I should have just been denying everything except "read" for the > default users at the root level and then explicitly allowing operations > for the relevant users and groups in the sections of the repository that > are required. > > Is this correct? If it is, I hope helps someone else get it. Yes if you put a deny at the root it'll work more like you expect. Tony