Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Ted, As a general rule of thumb - permissions should be applied to directories not individual files. The CVSNT acl system was designed primarily for application to directories. In our professional support we're noticing a lot of "education" is required about the interrelationship between source code file organisation and configuration management. The next edition of the eBook will have a chapter on just that. Very very very briefly - code that shares common attibutes (security requirements, "sharing" etc) should always exist in their own directory. In that way permissions can be easily controlled (and inherited) and also allows for easy re-definition of modules via modules2. Technically acl's on files work - but the results can often be surprising. Whether your scenario constitutes a bug or not would require some debate on the newsgroup - anyone else commenting? Regards, Arthur Barrett -----Original Message----- From: cvsnt-bounces at cvsnt.org on behalf of Hayes, Ted (London) Sent: Wed 4/26/2006 9:08 PM To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook Cc: Subject: [cvsnt] chacl problem configuring access to individual files Hi I am running CVSNT 2.5.03 build 2151 on Solaris 9 with accounts set up for pserver access, and all pserver accesses run under a single Unix user account that owns the whole repository. The repository PServer file is set up with AclMode=normal and SystemAuth=no and I am a repository administrator (I am using this configuration rather than ssh since as a humble grunt programmer although I can sudo to the repository owner account, I am not allowed to know the incantations for administering Unix accounts). My understanding is that with this AclMode setting, by default no-one will have access to anything. This seems to be the case. What I am trying to do is give non-administrative users (or a group via CVSROOT/group) read access to a particular directory tree, but write access to only a subset of files within it. I have tried to do this with something like cvsnt rchacl -a read -u testuser project-root-dir cvsnt rchacl -a read,write -u testuser project-root-dir/subdir/testfile I have inspected the fileattr.xml in the repository project-root-dir/CVS and project-root-dir/subdir/CVS and these appear as I would expect - But when testuser tries to commit a change to testfile the server returns cvsnt server: User 'testuser' cannot write to /repository/project-root-dir/subdir so (guessing) the lack of directory write permission appears to be overriding my file write permission. Currently to get the show on the road I have had to grant the user non-inheritable write to the entire directory, but this is less than ideal.. Can anyone tell me if I am getting something wrong here, or is this a known problem etc? Thanks in advance for any help regards Ted Hayes -------------------------------------------------------- If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail. http://www.ml.com/email_terms/ -------------------------------------------------------- _______________________________________________ cvsnt mailing list cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs