[cvsnt] Yet Another Security Question

Lawson.Reed Reed.Lawson at IGT.com
Thu Feb 27 20:31:04 GMT 2003

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


First, I'd like to say that CVSNT and WinCVS have been performing
here in a test case at IGT. It has impressed the socks off everybody. I'm
working on addressing the "powers" concerns before we deploy this all over
company. One of them is Access Control and I'm trying to come up with a

We are totally Windows based here (mostly XP), so rather than have a
access control system (with SystemAuth = Yes, using a passwd file and chacl,
I thought I'd just use the normal NT4 type Access Control, meaning, 
right click the folder on the server, select Properties the Security and
who can access that folder or file or tree. That seems to work just fine...

First of all, is this a bad idea? Is there some advantage in the other 
SystemAuth = Yes approach? Am I missing something here?

The thing that I just discovered does not work is "cvs admin <anything>". I
get the
    cvs [admin aborted]: usage is restricted to members of the group

So, I started reading the docs and saw this in cvs.html...
3.7 Repository administrators 
      If SystemAuth = Yes the user is considered to be an administrator of
      are listed in the CVSROOT/admin file or if they are in the
      group (NT) or 'cvsadmin' group (Unix). 

      If SystemAuth = No only the CVSROOT/admin file is checked. 

Since I'm a "no" on SystemAuth , I created that admin file in the CVSROOT of
repository (thanks Glen Starrett) but unlike Glen, my result was no
Is the admin file all I need or is there something else I need to do? I AM
the Administrators group on the server, but, not on the domain. By the way,
the admin file I tried several names:

rlawson                 <-- That's my login to the NT4 domain.
engineering\rlawson     <-- That's what's on the CVSROOT line.
engineering\\rlawson    <-- Just in case some unix code removes the first \.
engineering/rlawson     <-- Worth a try.
engineering#rlawson     <-- this is what $USER expands to in the loginfo
rlawson at engineering     <-- Worth a try.

none of these work.

My CVSROOT is :pserver:engineering\rlawson at fe408886:/work
CVSNT Control panel settings:
    My server is build 66
    Server side support for ntserver protocol ON
    Impersonation enabled ON
    Use local users for pserver auth instead of domain users OFF
    Repository Prefix is D:/CVSROOT
    Valid repository roots /work
I put my admin file in D:\CVSROOT\work\CVSROOT on the server.
In my config file, the only thing that is no a comment is this:

See any reason why no one can use "cvs admin"??
BTW, I'm trying "cvs admin" on a client machine where everything else is
just fine. I'm also using the 'cvs' that comes with WinCVS. Is that my
Here is the cvs -v output....
cvs -v 

Concurrent Versions System (CVS) 1.10.8 (client)

Copyright (c) 1989-1998 Brian Berliner, david d `zoo' zuhn, 
                        Jeff Polk, and other authors
Win32 version (Nov 24 2000) Copyright (c) 1999-2000 Tony Hoyle and others
see http://www.cvsnt.org

CVS may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the CVS distribution kit.

Specify the --help option for further information about CVS

Thanks for your help!
Reed Lawson
IGT Firmware Engineering
(775) 448-0755

More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook