Rez P
2009-04-08 00:39:50 UTC
Hi
I've been trying to migrate our cvs repository from an old sun server to a new redhat server. The project was on hold for a while and I'm resuming again and have couple of questions. CVS was installed on the new RHLE server, a test tarball of the old(existing) repository was initialized, and configured and I can access it via the pserver method from my windows client machine using Wincvs or cvs command line, and do commits, etc.
Our repository is located at /cvs with 3 main directories underneath it, each representing an intra-department in our group. I would like each dept to have r/w access to their own directory but read-only access to the other 2 directories as well. And I came across this example or excerpt from the CVS manual which I think needs a bit more explanation as I find it a bit ambiguous, see below. I tested this feature or set up and I can login as a user mapping to cvs-foo and check out cvs-foo folder but can't see the cvs-bar folder and vice versa. How can I fine tune this set up so cvs-foo users can have r/o access to cvs-bar folder? If I implement the below method, which group should own CVSROOT? And should anyone be added to the readers/writers files? Thanks for your help and time.
----Excerpt----
"Suppose you want to grant some remote developers access to project foo, and others access to project bar, and you don't want developers from one project to have commit access to the other. You can accomplish this by creating project-specific user accounts and groups on the system and then mapping to those accounts in the CVSROOT/passwd file.
Here's the relevant excerpt from /etc/passwd
cvs-foo:*:600:600:Public CVS Account for Project Foo:/usr/local/cvs:/bin/false
cvs-bar:*:601:601:Public CVS Account for Project Bar:/usr/local/cvs:/bin/false
and from /etc/group
cvs-foo:*:600:cvs-foo
cvs-bar:*:601:cvs-bar
and, finally, CVSROOT/passwd:
kcunderh:rKa5jzULzmhOo:cvs-foo
jmankoff:tGX1fS8sun6rY:cvs-foo
brebard:cAXVPNZN6uFH2:cvs-foo
xwang:qp5lsf7nzRzfs:cvs-foo
dstone:JDNNF6HeX/yLw:cvs-bar
twp:glUHEM8KhcbO6:cvs-bar
ffranklin:cG6/6yXbS9BHI:cvs-bar
yyang:YoEqcCeCUq1vQ:cvs-bar
Some of the CVS usernames map onto the system user account cvs-foo and some onto cvs-bar. Because CVS runs under the user ID of the system account, you just have to make sure that the relevant parts of the repository are writeable only by the appropriate users and groups. If you just make sure that the user accounts are locked down pretty tight (no valid login password, /bin/false as the shell), then this system is reasonably secure (but see later in this chapter about CVSROOT permissions!). Also, CVS does record changes and log messages under the CVS username, not the system username, so you can still tell who is responsible for a given change."
----End of Excerpt----
_________________________________________________________________
Rediscover HotmailĀ®: Now available on your iPhone or BlackBerry
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009
I've been trying to migrate our cvs repository from an old sun server to a new redhat server. The project was on hold for a while and I'm resuming again and have couple of questions. CVS was installed on the new RHLE server, a test tarball of the old(existing) repository was initialized, and configured and I can access it via the pserver method from my windows client machine using Wincvs or cvs command line, and do commits, etc.
Our repository is located at /cvs with 3 main directories underneath it, each representing an intra-department in our group. I would like each dept to have r/w access to their own directory but read-only access to the other 2 directories as well. And I came across this example or excerpt from the CVS manual which I think needs a bit more explanation as I find it a bit ambiguous, see below. I tested this feature or set up and I can login as a user mapping to cvs-foo and check out cvs-foo folder but can't see the cvs-bar folder and vice versa. How can I fine tune this set up so cvs-foo users can have r/o access to cvs-bar folder? If I implement the below method, which group should own CVSROOT? And should anyone be added to the readers/writers files? Thanks for your help and time.
----Excerpt----
"Suppose you want to grant some remote developers access to project foo, and others access to project bar, and you don't want developers from one project to have commit access to the other. You can accomplish this by creating project-specific user accounts and groups on the system and then mapping to those accounts in the CVSROOT/passwd file.
Here's the relevant excerpt from /etc/passwd
cvs-foo:*:600:600:Public CVS Account for Project Foo:/usr/local/cvs:/bin/false
cvs-bar:*:601:601:Public CVS Account for Project Bar:/usr/local/cvs:/bin/false
and from /etc/group
cvs-foo:*:600:cvs-foo
cvs-bar:*:601:cvs-bar
and, finally, CVSROOT/passwd:
kcunderh:rKa5jzULzmhOo:cvs-foo
jmankoff:tGX1fS8sun6rY:cvs-foo
brebard:cAXVPNZN6uFH2:cvs-foo
xwang:qp5lsf7nzRzfs:cvs-foo
dstone:JDNNF6HeX/yLw:cvs-bar
twp:glUHEM8KhcbO6:cvs-bar
ffranklin:cG6/6yXbS9BHI:cvs-bar
yyang:YoEqcCeCUq1vQ:cvs-bar
Some of the CVS usernames map onto the system user account cvs-foo and some onto cvs-bar. Because CVS runs under the user ID of the system account, you just have to make sure that the relevant parts of the repository are writeable only by the appropriate users and groups. If you just make sure that the user accounts are locked down pretty tight (no valid login password, /bin/false as the shell), then this system is reasonably secure (but see later in this chapter about CVSROOT permissions!). Also, CVS does record changes and log messages under the CVS username, not the system username, so you can still tell who is responsible for a given change."
----End of Excerpt----
_________________________________________________________________
Rediscover HotmailĀ®: Now available on your iPhone or BlackBerry
http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009