[cvsnt] ACL's with Domain groups and sspi

Mark Johnson amarkjohnson at gmail.com
Sat Sep 30 22:48:48 BST 2006


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


On 9/29/06, bwhicks at aep.com <bwhicks at aep.com> wrote:
 >Of course, traces need to be enabled in the server or it won't work.

Thanks for the tip.  Since -ttt returned a bunch of debug info, I did not
realize that I had not turned on traces on the server.  I now get more debug
info, including the output below:
- "admin_rwctn_DISABLE" is in CVSROOT\group, and I (mjohnso2) am a member of
this group.
- "cvsnonet" is the user  defined in the "run as user" setting, and
therefore is also a group in /etc/group, mjohnso2 is not a member of this
group.
- "cvsgroup" is a group in /etc/group, and the cvsnonet user is a member of
this group, but mjohnso2 is not.

These were the only three groups found.  Other groups exist in
CVSROOT/group, and /etc/group, but neither "mjohnso2" nor "cvsnonet" are
members.

None of the many domain group that "mjohnso2" is a member were found
(including T360).  Do I need to do something special to make cvsnt see the
domain groups?


16:32:48: S -> Checking admin file /cvs/testrepo/CVSROOT/admin for user
mjohnso2

16:32:48: S -> add_valid_group(admin_rwctn_DISABLE)
16:32:48: S -> add_valid_group(cvsgroup)
16:32:48: S -> add_valid_group(cvsnonet)
16:32:48: S -> cache_directory_permissions(/cvs/testrepo/majmodule)
16:32:48: S -> fileattr_read(/cvs/testrepo/majmodule)
16:32:48: S -> fileattr_read(/cvs/testrepo)
16:32:48: S -> verify_valid_name(mjohnso2)
16:32:48: S -> cache_directory_permissions(/cvs/testrepo/majmodule)
16:32:48: S -> ACL lookup on directory /cvs/testrepo/majmodule
16:32:48: S -> verify_acl(read,HEAD,(null))
16:32:48: S -> verify_valid_name(T360)
16:32:48: S -> matched ACL user=, branch=_default_, merge=
16:32:48: S -> calculated ACL priority is 0
16:32:48: S -> user_state = 0, group_state = 0
16:32:48: S -> no match at this level
16:32:48: S -> ACL lookup on directory /cvs/testrepo
16:32:48: S -> verify_acl(read,HEAD,(null))
16:32:48: S -> verify_valid_name(admin)
16:32:48: S -> matched ACL user=, branch=_default_, merge=
16:32:48: S -> calculated ACL priority is 0
16:32:48: S -> new max priority is 0
16:32:48: S -> user_state = 0, group_state = -1
cvsnt server: User mjohnso2 cannot read majmodule
cvsnt server: You do not have read privileges for this module

Thanks,
Mark Johnson


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook