[cvsnt-dev] patches for script_trigger.cpp and server.h

[Arthur Barrett]

Chuck,

>>> 2.  Allow a centralized script location defined in the "script.name"
>>> file.  With many repositories on a single box, making a change to a
>>> script that must live in every CVSROOT is an administration nightmare.
>>
>> What are everyone else's thoughts on this one?
>>
> Furthermore, all the other scripting situations such as loginfo run things 
> in other places on the box if you choose.

A jail enforces the rule that only things within the jail can be ran (again 
it's a unix/linux thing, not replicatable on windows)

As far as I know CVSNT shouldn't run scripts outside of CVSROOT anyway, but 
it's a very long time since I looked at all the why's and wherefore's in 
that area.  It certainly is true that if a user has write access to CVSROOT 
directory in the repo then they may as well be considered root users on the 
box.

If I was giving our CM Design and CVSNT Administration course and someone 
proposed what you've done with the 'single script location for all repos on 
a server' I'd ask 'what rule governs when to create a new repository?'. 
Generally our 'best practice' recommendation is to create a new repo on a 
server when you need different scripts/rules for the new repo.

Security considerations aside - if all these repo's are using the same 
rules - why not just have one repo (aside from historical reasons)?  Each 
directory can have different ACLs so that can't be the reason - user FRED 
can be only valid for the module 'project/a' and user MARY can be valid only 
for the module 'project/b'.

The reason why I ask is just that I need to explain to (new) users when they 
ask me: "when do I use this option 'use same script for all repos'?" versus 
"when do I create a new repo?".

Regards,


Arthur