Discussion :

[mathws]

Bonjour à tous,

Avant de commencer à formuler ma requête, je tiens à vous préciser que je ne connais pas grand chose de CVS hormis quelques faibles bases et biensur son fonctionnement général.

Je souhaite pouvoir restreindre l'accès à certains utilisateurs (no read) mais pas par l'intermédiaire d'un dossier, mais bien fichier par fichier.

En effet, je désire que certains utilisateurs ne voient pas (et ne peuvent pas récuperer) certains fichiers (qui ont tous une extension commune) au sein d'un même dossier.

J'aimerai donc savoir si c'est possible avec CVS (ou subversion si c'est necessaire je peux l'installer) et surtout COMMENT ?

Ce qui serait parfait c'est un filtre d'affichage/accès par extension, mais je doute fort que ce soit possible bien que je ne connaisse presque rien à ce programme. Et sinon gérer les autorisations fichiers par fichiers dans la configuration du serveur.

Merci à tous de votre lecture et de votre aide.

Mathieu.

[ego]

Issu de la doc CVSNT

Setting permissions for files and directories
CVSNT has its own access control mechanism that is aware of branches and other CVSNT features. There are currently 5 access that can be set, and 3 ways of matching the access entry.

The access permissions are as follows:

read
User is able to read the file, or for a directory access files within that directory

write
User is able to commit a new revision to the file or directory

create
User is able to add new files to the directory.

tag
User is able to tag the file or files within the directory.

control
User is able to modify the access controls for the file or directory. This right is granted automatically to the file owner and to repository administrators.

Each access entry has 3 attributes which define which situations it applies to.

Username (-u)
Defines that this access entry applies to a single user or group. Where this is specified it is the most significant attribute.

Branch (-r)
Defines that this access entry applies to a single branch or tag. Where this is specified it is the second most significant attribute.

Merge (-j)
Defines that this access entry applies when a merge is attempted from the specified branch.

There are also 3 optional attributes that may be specified for each access entry.

Message (-m)
Define a custom message displayed to the user when an action fails due to this entry.

Priority (-p)
Normally CVSNT prioritises access entries using a 'best fit' match, with ambguities solved as described above. In exceptional cases it may be necessary to override this behaviour. Specifying a priority over 100 is guaranteed to be higher than the caculated priorities, and will ensure that this ACL entry overrides all others.

Inheritance (-n)
Normally directory access control entries automatically inherit, which means setting an access control entry on the root of a module affects all directories below it, unless overriden by an entry further down the tree. This option supresses that behaviour.

Access permissions are modified using the cvs chacl command. For example:

cvs chacl -a read,write -u theuser dir1 dir2 dir3

will grant the user named theuser read and write access to the three specified directories.

To view the current permissions the cvsnt lsacl command can be used. It will show the owner and all the users that have permissions in the given directories.

If the user name is not specified, those permissions will be given to all users of the directory, if not overriden by other entries. This is an easy way to give everyone read access to a directory, for instance.

For a user to have access to a directory, they must have at least read access to all the directories above it. If a user has a 'no access' ACL on a parent directory they cannot be granted access to directories below it.

The owner or a directory can be reassigned using the cvsnt chown command.