Subversion hosting, CVS hosting, Bugzilla hosting and software collaboration Providing hosted Subversion, CVS and Bugzilla repositories

Controlling Repository Access With CVSNT ACLs

Go To My Account
Bugbox Icon


By: Greg Larkin, Managing Member,, LLC
Date: April 24, 2006

CVSNT is an enhanced version of the standard CVS server. It maintains complete compatibility, but adds a variety of new features such as native repository module browsing, enhanced merge support and access control lists (ACLs). We are going to focus on ACLs in this article.

Software development teams are often comprised of many different members these days, including permanent and contract workers, as well as VARs and partner companies. Often, it is useful to restrict access to some parts of your source code repository, while granting full access to other parts.

For example, Acme Software Company has developed a set of code libraries that other vendors use to build their applications. Acme has decided to grant a limited source code license to these vendors and would like to allow restricted access to its repository. To do this, some CVSNT ACLs will be created.

First, a file named "group" should be added to the CVSROOT module. The group file has the format:

group1: user1 user2 ...
group2: user3 ...
groupN: user4 ... userN

In our example, the repository administrator at Acme Software creates new users for the clients who have purchased a license and creates the group file like so:

internal: ac-acme1 ac-acme2 ac-acme3 ac-acme4
microsoft: ac-billgates ac-melindagates ac-steveballmer
apple: ac-stevejobs ac-woz
sun: ac-mcnealy

Notice that the group named "internal" represents the users who work at Acme and should be granted full access to the repository. Once that file has been committed to the CVSROOT module, it's time to start assigning the actual ACLs.

ACLs are created with the "cvs chacl" command in CVSNT. For people who use WinCVS, you can type arbitrary CVS commands into the log window and execute them there. Simply click in the log window and type "cvs version" for a quick example. The following commands may also be typed in a DOS command prompt window if you have the CVSNT client installed on your system.

Make sure that you are located in the top of your CVS sandbox directory, whether using WinCVS or the CVSNT command line tool in a DOS window. The following command grants full access for the internal users:

cvs chacl -u internal -a all -R .

Next, assuming there are some directories in the source tree for header files and code samples that the licensees should have read-only access to, the following command implements that restriction:

cvs chacl -u microsoft -a read -R Headers Samples
cvs chacl -u apple -a read -R Headers Samples
cvs chacl -u sun -a read -R Headers Samples

Next, each licensee is given an area to add their code to the repository, but no licensee should be able to retrieve another licensee's directory of code. The ACLs are configured like so:

cvs chacl -u microsoft -a read,write,create -R Licensees/Microsoft
cvs chacl -u apple -a read,write,create -R Licensees/Apple
cvs chacl -u sun -a read,write,create -R Licensees/Sun

Finally, a command to create a default "no access" ACL is executed:

cvs chacl -a none -R .

This ACL makes sure that the repository is totally restricted unless one of the other preceding ACLs grants access.

There are as many different ways to configure repository permissions as there are software development teams, and we hope this example has given you an idea of the flexibility provided by CVSNT ACLs.

CVSNT is a free upgrade option for clients with standard CVS repositories, so ask us to upgrade you today and reap the benefits of ACLs.

If you have questions or comments about this article or need assistance configuring your repository permissions, please contact us.



News (more...)

Articles (more...)

Sign up for or view archives




hosted solutions | pro servs | company | sales | support | resources
home | contact | client login

Copyright © 1999-2023, LLC. All Rights Reserved.
usage agreement | policies