Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to email@example.com.
I would assume that if the user has full control he has traversal rights, am I correct? My user currently has full control and he is still unable to access the repository. Furthermore since I have the repository directory shared he can browse into the repository from Explorer so I'm almost positive that he has traversal rights. (yes I know I don't need share this forlder for CVS to work, but having direct access to the repository is helping me setup the repository.) When I said use a proxy user I didn't mean run the service as a differnet user I was talking about the option in the CVS control pannel applet called "Run as user" or maybe this is the same thing. I don't understand your statement about not logging in. The CVSNT documentation discusses logining in using this protocol. It does appear to work equally well for me either logged in or logged out. I'm only using SSPI because it seemed like the best option for working in a largely windows environment. Thanks, Matt S. "Peter Crowther" <Peter.Crowther at melandra.com> wrote in message news:mailman.336.1122971512.448.cvsnt at cvsnt.org... > From: [...] Matt Schuckmann > Are traversal rights read rights, or read write or? Neither. They're traversal rights - the equivalent of 'x' on directories in UNIX if I recall. They allow a user to use a name in a directory path in order to reach another file, even though they cannot read or write files in that directory, or even list the contents of the directory. > So even though he will never acces the repository files > directly I need to > give him read/write access to the repository? > That doesn't seem right? This is what SSPI does. If you use SSPI, then I believe CVS impersonates the user as it performs the file operations on the server (no doubt Tony will correct me if I'm off here). This has the advantage that you can control access to the CVS repository using NTFS permissions. It works exactly the same way as IIS using any of its authentication mechanisms, for example. If you don't want the system to work in this way, you should not be using SSPI; use one of the other protocols where the CVSNT server doesn't have enough information to impersonate a Windows user. As I only use SSPI on the server I manage, I'm afraid I can't give you further hints as to what might be an appropriate protocol in this case. > Should I be using a proxy user for the service to run under > or am I not understanding something? No. The CVSNT service must run as LocalSystem, otherwise it can't do the impersonation mentioned above. I can demonstrate a working system where the user accessing the repository (on Win2K, not 2K3) is an Active Directory user, and the CVS repository is not on the domain controller. So, no, you don't need to create a user on the CVSNT server as long as both it and the client are domain members and the user is logged in using their domain account. By the way, you mentioned that you could perform a CVS login? Under SSPI, this is one thing you definitely should *not* be doing. Have you tried SSPI without starting with a login? (and, indeed, after forcing a logout)? - Peter