[cvsnt] Windows permission settings with SSPI

anaheim at luukku.com anaheim at luukku.com
Fri Nov 4 14:12:21 GMT 2005


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Hello,

I'm setting up CVSNT (2.5.02.2115) on a Windows 2003 server. The only protocol to be supported is SSPI and that how it's set up. I've setup permission to the CVS repository folder and CVSTEMP folder (both on a local NTFS disk) as described in http://www.cvsnt.org/wiki/InstallationTips chapter "4.12. Fine-tuning user access of CVS".

We're going to have different usergroups that develop different CVS modules, so each module should have restricted access for only one usergroup. Each of these usergroups belong to group "G-cvs-users-all" that has the appropriate rights to CVSROOT folder.

So I defined that module "abc" can be accessed only by group "G-abc" and module "xyz" only by group "G-xyz". When a user that belongs only to group "G-xyz" says on her client (TortoiseCVS 1.8.22):
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server

cvs server: cannot open /CVSREPO/abc/CVS/Tag: Permission denied
cvs server: cannot open abc/CVS/Tag: Permission denied
cvs [server aborted]: Couldn't open RCS file /CVSREPO/abc/.directory_history,v: Permission denied

If I give group "G-xyz" permissions to "List Folder Contents" on module "abc" it works, but still says:
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server

cvs server: cannot read /CVSREPO/abc/CVS/fileattr.xml: Permission denied
abc
xyz

Of course it works fine, if I give also read access to group "G-xyz" on module "abc":
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server

abc
xyz

What I'm trying to say here is that should the CVS ls command ignore the modules that the user has no rights to. Or perhaps behave like this:
C:\>cvs -d :sspi:DOMAIN\USERNAME at server:/CVSREPO ls
Listing modules on server

cvs server: No access to abc
xyz

One more thing: modules are not listed in CVSROOT/modules -file. And hopefully will not be since updating that file would be a burden for the administrators.

Yours,
Antti

...................................................................
Luukku Plus paketilla pääset eroon tila- ja turvallisuusongelmista.
Hanki Luukku Plus ja helpotat elämääsi. http://www.mtv3.fi/luukku




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook