[cvsnt] more ACLs questions

Fri Jan 13 16:03:11 GMT 2006

In a previous thread (ACLs Again...) Gerhard Fiedler pasted the
following results of a lsacl

p:\general>cvs lsacl
Directory: .
Owner: gfiedler

user=group1
       read

user=group2
       read
       write
       create
       tag

user=gfiedler
       all

<default>
       none

I am learning and have just implemented ACLs , but have a few
questions.  I am using a linux cvsnt server on version 2.5.02
(Servalan) Build 2088, and windows cvsnt clients on version 2.5.02
(Servalan) Build 2064.

1.  I notice the output of users/groups with permissions of "all" and
"none".  How is this set?  I thought the only options were
read/write/create/tag/control, and the negative of each.  Are there
global "all" and "none" options?  If so, what other undocumented
options exist?

2. When deleting an ACL, what defines what is to be deleted?  I think
it is the directory and the user/group combo, and this would delete
the definition for this user/group in this directory, regardless of
the permissions set.  Is this correct?  To modify an existing ACL is
this best done by adding it again, over the top of an existing one, or
should it be delted first?

3. As documented, chacl requires both the repository and working
directory.  Why does it require the working dir?  It seems to me more
like rtag in that it needs a valid CVSROOT, and a valid module and/or
path to a directory, but isn't that it.  Maybe I'm missing something. 
I mention this because when implementing original ACLs, I found it
awkard.  I had to check out each module so that it existed locally
before I could set the permissions.  Since, as an administrator,  I do
not actually code it most of these modules, this was a pain.  I also
could not run the command on the whole repository (unless I check out
with a top level CVS folder, and list each module name rather than a
".").    Is this the way it is designed, or am I just doing it the
hard way?

Thanks for the feedback

Mark Johnson