Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Using cvs_acls to restrict commits

Status
Not open for further replies.

jpmigue

MIS
Mar 30, 2001
11
GB
Hi

I want to be able to restrict commits in a certain repository/stream and cvs_acls looks just the trick:


However, I have a large repository (approx. 5GB) and so was interested in the following excerpt:

2. Put two lines, as the *only* non-comment lines, in your commitinfo file:

ALL $CVSROOT/CVSROOT/commit_prep
ALL $CVSROOT/CVSROOT/cvs_acls [-d][-u $USER ][-f <logfilename>]

where "-d" turns on debug trace
"-u $USER" passes the client-side userId to cvs_acls
"-f <logfilename"> overrides the default filename used to log
restricted commit attempts.

(These are handled in the processArgs() subroutine.)

If you are using client-side userIds to restrict access to your repository, make sure that they are in this order since the commit_prep script is required in order to pass the $USER parameter.

A final note about the repository matching pattern. The example above uses ``ALL'' but note that this means that the cvs_acls script will run for each and every commit in your repository. Obviously, in a large repository this adds up to a lot of overhead that may not be necesary. A better strategy is to use a repository pattern that is more specific to the areas that you wish to secure.

Which indicates that I can restrict the precommit check to a repository pattern.

This does not work though and from my understanding unless ALL is specified, only the first line to match has its script executed hence cvs_acls never is.

Does anybody have any experience using cvs_acls in this way?

Cheers

James
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top