Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Give cvs -d :MyLogin:MyPassword at MyServer.Com:/cvs chacl -u myuser -a read,nowrite,nocreate,notag,nocontrol, mymodule a try. Cheers Mikew Marco Rinaudo wrote: > (CVSNT) 2.5.01 (Travis) Build 1976 (client/server) in a Linux Redhat 9 > server, installed from RPM. > I use pserver as authentication method. > > Everything works in a perfect manner except I am not able to enforce > read-only rights for a user in regard of a specific directory or in regard > of a specific file. Please note that I wish to do it using CVSNT acl > internal system, I do not wish to manually change directories and files > permission at the linux file system level. > > Let me show my steps from the creation of a module to the setup of > corresponding rights. >>From outside the cvsroot I issue the following commands: > > --------------------- > [root at power root]# mkdir mymodule > [root at power root]# cd mymodule > --------------------- > > now I copy a random file inside my new directory mymodule: > > [root at power mymodule]# cp /etc/redhat-release . > > now I am ready to create the new module under my repository: > > -------------------------------- > [root at power mymodule]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs > import -d mymodule vendor_name initial > > Output of the previous command: > N mymodule/redhat-release > > No conflicts created by this import > ------------------------------- > > Now the module named mymodule is under my repository > > To be really sure let issue an "ls" command: > > ----------------------- > [root at power mymodule]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs > ls > Listing modules on server > > CVSROOT > mymodule > ----------------------- > > Very good, I am proud of myself! > Now let check the rights associated to mymodule: > > ----------------------- > [root at power mymodule]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs > rlsacl mymodule > Directory: mymodule > Owner: MyLogin > ---------------------- > > ok, now it's time to tell the server that my user named myuser has only > READ-ONLY rights under the module mymodule: > > -------------------------------- > [root at power mymodule]# cd /tmp > [root at power tmp]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs > checkout mymodule > cvsnt server: Updating mymodule > U mymodule/redhat-release > [root at power test]# cvs -d :MyLogin:MyPassword at MyServer.Com:/cvs chacl -u > myuser -a read mymodule > setting ACL for directory mymodule > -------------------------------- > > now let check that my ACLs are set as I was expecting: > > ------------------------ > [root at power test]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs > lsacl mymodule > Directory: mymodule > Owner: MyLogin > > user=myuser > read > [root at power test]# cvs -d :pserver:MyLogin:MyPassword at MyServer.Com:/cvs > rlsacl mymodule > Directory: mymodule > Owner: MyLogin > > user=myuser > read > ---------------------------------------- > > I eventually managed to sucessfully set "read" rights for the user named > myuser under the module named mymodule. > I am now expecting that myuser is not able to WRITE under mymodule, she is > supposed to be ONLY able to read not to write. Am I wrong? > Of course if I am writing here that's because I have to be wrong somewhere > because myuser is able to read and write whatever she likes under mymodule. > She can commit change to redhat-release, she can create new files, she can > remove files, she can read files, she can create new directories, she can do > whatever she likes... > The only way I managed to prevent myuser from adding or changing or > committing new files was when I set the correspnding ACL to "none" ( > chacl -u myuser -a none), which is too strict, I just want give her the > right to read a file but not to change it. Again please note I need to > acheive the expected result using CVSNT ACLs, a linux filesystem workaround > will not solve my problem. > > Just to give you a full overview of my configuration, note that: > > MyLogin is inside CVSROOT/admin > and > myuser is inside CVSROOT/writers > > If I remove myuser form CVSROOT/writers, myuser is not able to write at all, > not just under mymodule, nowhere. > On the other hand if I remove myuser from CVSROOT/writers and I add the > writing right using the CVSNT ACL ( chacl -u myuser -a read,writer > mymodule) myuser is not able to write neither. > > Please advice. > > Marco Rinaudo. > > > > > > _______________________________________________ > cvsnt mailing list > cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook > http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs