Re: filesystem ACLs vs. CVS

[Greg A. Woods]

[ On Friday, February 22, 2002 at 12:35:01 (-0800), Noel Yap wrote: ]
> Subject: Re: filesystem ACLs vs. CVS
>
> I think the only scenario this might occur in is if
> they're trying to manage third-party source.  The only
> thing I can think of to manage such source would be to
> use some sort of trusted OS (ie one that manages
> permissions more securely than standard OS's).  Here's
> one such OS: http://www.trustedbsd.org/

If you're managing third-party source then you'd damn well better get
the proper security clearance for all your programmers to work on all
the source all at once!  Such a scenario is idiotic.

> > No, you can't control the group owner of the files
> > either, at least not
> > without going to a great deal of effort (i.e.
> > internally re-engineering
> > how CVS re-writes ,v files).
> 
> This part can be done using a loginfo script (assuming
> the user can chgrp to the particular group).

No, it can not really be done that way -- certainly not for remote
clients....

Indeed my idea for the '-u' and '-o' modules options fails for remote
clients too.....  I should have mentioned that....  sorry.....

> I've been able to create a loginfo script that would
> recreate the file ACLs based on the ACLs of the parent
> directory (default ACLs are no good since they make
> the files writable and executable).  But if the user
> needs to control ACLs on a per-file basis, they're out
> of luck short of changing their OS.

Did it work on remote clients?
(as far as I can tell that would be impossible)

-- 
                                                                Greg A. Woods

+1 416 218-0098;  <address@hidden>;  <address@hidden>;  <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>