By: Greg Larkin, Managing Member, SourceHosting.net,
Date: April 24, 2006
CVSNT is an enhanced version of the standard
CVS server. It maintains complete compatibility, but adds a variety
of new features such as native repository module browsing, enhanced
merge support and access control lists (ACLs). We are going to
focus on ACLs in this article.
Software development teams are often comprised
of many different members these days, including permanent and contract
workers, as well as VARs and partner companies.
Often, it is useful to restrict access to some parts of your
source code repository, while granting full access to other parts.
For example, Acme Software Company has developed
a set of code libraries that other vendors use to build their applications.
Acme has decided to grant a limited source code license to these
vendors and would like to allow restricted access to its repository.
To do this, some CVSNT ACLs will be created.
First, a file named "group" should be added
to the CVSROOT module. The group file has the format:
group1: user1 user2 ...
group2: user3 ...
groupN: user4 ... userN
In our example, the repository administrator
at Acme Software creates new users for the clients who have purchased
a license and creates the group file like so:
internal: ac-acme1 ac-acme2 ac-acme3 ac-acme4
microsoft: ac-billgates ac-melindagates ac-steveballmer
apple: ac-stevejobs ac-woz
Notice that the group named "internal" represents
the users who work at Acme and should be granted full access to
the repository. Once that file has been committed to the CVSROOT
module, it's time to start assigning the actual ACLs.
ACLs are created with the "cvs chacl" command
in CVSNT. For people who use WinCVS, you can type arbitrary
CVS commands into the log window and execute them there. Simply
click in the log window and type "cvs version" for a quick example.
The following commands may also be typed in a DOS command prompt
window if you have the CVSNT client installed on your system.
Make sure that you are located in the top of
your CVS sandbox directory, whether using WinCVS or the CVSNT command
line tool in a DOS window. The following command grants full access
for the internal users:
cvs chacl -u internal -a all -R .
Next, assuming there are some directories in
the source tree for header files and code samples that the licensees
should have read-only access to, the following command implements
cvs chacl -u microsoft -a read -R Headers Samples
cvs chacl -u apple -a read -R Headers Samples
cvs chacl -u sun -a read -R Headers Samples
Next, each licensee is given an area to add
their code to the repository, but no licensee should be able to
retrieve another licensee's directory of code. The ACLs are configured
cvs chacl -u microsoft -a read,write,create
cvs chacl -u apple -a read,write,create
cvs chacl -u sun -a read,write,create -R Licensees/Sun
Finally, a command to create a default "no access"
ACL is executed:
cvs chacl -a none -R .
This ACL makes sure that the repository
is totally restricted unless one of the other preceding ACLs grants
There are as many different ways to configure
repository permissions as there are software development teams,
and we hope this example has given you an idea of the flexibility
provided by CVSNT ACLs.
CVSNT is a free upgrade option for SourceHosting.net
clients with standard CVS repositories, so ask
us to upgrade you today and reap the benefits of ACLs.
If you have questions or comments about this
article or need assistance configuring your repository permissions,