Hi
I want to be able to restrict commits in a certain repository/stream and cvs_acls looks just the trick:
However, I have a large repository (approx. 5GB) and so was interested in the following excerpt:
Which indicates that I can restrict the precommit check to a repository pattern.
This does not work though and from my understanding unless ALL is specified, only the first line to match has its script executed hence cvs_acls never is.
Does anybody have any experience using cvs_acls in this way?
Cheers
James
I want to be able to restrict commits in a certain repository/stream and cvs_acls looks just the trick:
However, I have a large repository (approx. 5GB) and so was interested in the following excerpt:
2. Put two lines, as the *only* non-comment lines, in your commitinfo file:
ALL $CVSROOT/CVSROOT/commit_prep
ALL $CVSROOT/CVSROOT/cvs_acls [-d][-u $USER ][-f <logfilename>]
where "-d" turns on debug trace
"-u $USER" passes the client-side userId to cvs_acls
"-f <logfilename"> overrides the default filename used to log
restricted commit attempts.
(These are handled in the processArgs() subroutine.)
If you are using client-side userIds to restrict access to your repository, make sure that they are in this order since the commit_prep script is required in order to pass the $USER parameter.
A final note about the repository matching pattern. The example above uses ``ALL'' but note that this means that the cvs_acls script will run for each and every commit in your repository. Obviously, in a large repository this adds up to a lot of overhead that may not be necesary. A better strategy is to use a repository pattern that is more specific to the areas that you wish to secure.
Which indicates that I can restrict the precommit check to a repository pattern.
This does not work though and from my understanding unless ALL is specified, only the first line to match has its script executed hence cvs_acls never is.
Does anybody have any experience using cvs_acls in this way?
Cheers
James