WinCVS + CVSNT permission settings

xiaoxiao2021-04-02  218

The following is some of my experience I have recently configured CVSNT (2.5) and WinCVS (2.0) in the company. Ordinary is a lot of information on WinCVS and CVSNT operations. You can find it yourself. About permission settings are relatively small and scattered. So I made it finished, and I've been explained in the place where it is easy to happen.

Suppose WinCVS and CVSNT have been installed, and a warehouse is established. Complete the operation of the login and import.

(1) Administrator logins After passing the CVSROOT directory of the server in the server (Checkout) to a working directory, such as "admin". See "Export Module" for details.

CVS in CVS Introduction:

The directory permissions supported by the system are as follows:

R (read permissions)

W (write permission)

c (create and delete permissions)

N (no permissions)

By default, any user has all permissions of any directory.

In any case, only the owner and administrator of the directory have the authority to change the credit. Here's how to modify the owner of the directory authority and directory.

(2) Management of the cvsroot directory:

The cvsroot directory is established by NTCVS when creating a warehouse. The file containing many information about the warehouse.

When the authentication password, the server first checks users in the cvsroot / passwd file. If you find a user, you can authenticate according to the permissions management method built in the CVS. If not found, or the passwd file does not exist, the server will use the user authentication mechanism of the operating system. For security, CVS's built-in permission management should be used. The specific method is as follows:

1) Create file passwd in the server cvsroot directory (not created automatically when adding users). For security reasons, the Passwd will not be column in the checkoutList file by default. This file will not be exported both from the client to CVSROOT. Go to the cvsroot directory in WinCVS. Click on the main menu "Admin-> Command Line" or "Ctrl L" pop up the command line dialog. Enter the increasing administrator in the dialog box:

CVS passwd -a -r systemuser username

// Establish a user with the system user systemUser with the same permissions, the username is UserName.

// When a user binding system user is deleted, the user cannot log in.

Or cvs passwd -a username

// Establish a user name username

Enter a password in the dialog box that pops up twice. Confirm. At this time, you can see that the Passwd file is more than one line:

Username: CUXQWLMDozhns: Systemuser

Or username: Cuxqwlmdozhns

When adding administrators, the first method should be used: command is:

CVS passwd -a -r administrator username

The first command is recommended in the actual operation. Users using the second command increase sometimes appear in login (not clear).

2) Modify the configuration file CONFIG under CVSROOT, join a line: "SystemAuth = no" where no indicates whether the user password authority is correct in use with passwd. YES is the default value, indicating whether the user checks the permissions correct if the user does not exist in the Passwd file, which uses the credential management function built into the CVS.

Then create the admin file under CVSROOT. This file is a file specified by the administrator list of CVSNT, and CVSNT determines whether a user is an administrator according to this file. The content of the file is a list of users. as follows:

User1

User2

User3

These representatives USER1, USER2, and User3 are administrators, before CVS as a server administrator user as its own administrator.

3) Add file readers, Writers under CVSROOT to control the user's read and write permissions. The content per line of the file is the same as the admin file. The format is: the username carries.

Special attention is that only the users in the Writer file can be read and submitted. Users in Readers can only read, and users in both files can only be read. There must be an administrator's username in the Writers file. Because administrators will involve reading and writing of files when operating control. Don't write these two files for general users.

This completes the permission settings for the CVSROOT directory. Users who are not in Readers and Writers files will not export CVSROOT this module. Users only in the Readers file can export operation but cannot be submitted. Users only in the Writers file can be exported and submitted to modify operations.

Let's talk about the steps: do not use the system administrator and create the administrator of your own:

1. Use the command cvs passwd -a -r administrator username to create an administrator user with the Administrator has the same permissions.

2. Add this administrator's username in the admin file.

3. Add this administrator's username in the Writers file.

4. Add a row code in the config file: systemAuth = NO, so you can't use the Administrator to operate using the administrator you build.

(3) Settings to general directory permissions

1) Configure the CVS library module file modules

First import two modules from the client. For example, TEST and LOCALDIR. Add the following 3 lines in Modules:

CvsRoot CvsRoot

Catalog 1 -a Localdir

Catalog 2 -a Test

The first list is a description information, the second list is parameter or space. The third list is a relative path. If the description information and relative paths are different, parameters "-a" are required.

When exporting the module (Remote-> Checkout Module), you can click on the "..." button next to the Module Name and Path on the Server column:

This allows the client more convenient to make Module selection.

2) Permission configuration for each module

Module is a separate directory under the warehouse. There are two ways to set permissions for Module. The first is manual configuration, with a subdirectory CVS in the module directory, there is a fileAttr.xml file inside. Open the file before being set as follows:

Administrator

Set the owner of the directory between . The owner and administrator of the directory have power to change the use of the directory. When the directory permissions are not set, all users have all permissions other than changing directory permissions. Add the following code between to demonstrate all users' default permissions for the directory.

Add the following code between to indicate the user user's permissions to create, read and write, and comments. The owner of the catalog also provides permission settings through the following code.

After adding the above code, the documents are as follows:

User

The second method is to set the command, which is also a command to modify the fileAttr.xml file for permission settings. The specific method is to log in to the administrator as an administrator in WinCVS and export the module to be set. Check Module, display the file information of the module in the file information bar. Open the Command Line dialog Enter the following command to set.

Command format:

CVS chacl [-r] [-r branch] [-U user] [-j branch] [-n] [-P priority] [-M message] [-A [no] {read | write | crete | tag | Control | all | none} [, ...]] [-d] [file or directory ...]

-A Access Set Access (Setup Permissions)

-d Delete ACL (Delete Control Permissions)

-j branch apply when merging from branch (Application when merged branch)

-M Message Custom Error Message (Custom Error Message)

-n do not inherit ACL

-P Priority Override ACL Priority (Not being managed by directory permission)

-r Branch Apply to Single Branch (Applications on a single branch)

-R Recursively Change Subdirectories (Nested Setup Permissions, the same directory permission settings for each subdirectory)

-u User Apply to Single User (Applications in a single user)

For example, CVS chacl -r -a none // cancels all users' default permissions, all access is prohibited.

CVS chacl -r -u user -a ie // Sets the permissions read by the user User.

Change the directory owner by the following code:

CVS Chown Dirowner // Dirowner is an administrator to be set

Display the information of the directory by the following code:

CVS LSACL

In both methods, the second method is relatively simple, it is not easy to make mistakes. However, in the second method, it can be set in the first method. The commands in the first method are slightly different from previous versions. Take a specific format.

You can complete the permission settings for the directory above. In each directory under the module, a folder called CVS is automatically generated, with a fileAttr.xml file to control access to the directory. The method is the same. (3) About Groups of Groups

Packet: divide users with the same amount of permissions to a group, so it can be easily maintained. It is the meaning of the role, the method of dividing the partial access to the module is as follows:

a. New file group in the server-side cvsroot directory.

b. Establish a group in the file, the Group file content is as follows:

Group1: User1 User2 User3

Group2: User5 User6 User7

c. After the group is divided, the group is the same as the single user mode, the user and group can have phases.

The same permissions, such as selected modules, performing the following command to enable the user USER1 USER2 USER3 to have a read permissions for the module.

CVS chacl -r-u group1 -a write

Add the following code to the fileAttr.xml file, you can also make the user USER1 USER2 USER3 simultaneously with read and write to the module:

Note that Group here is not "".

转载请注明原文地址:https://www.9cbs.com/read-131353.html

New Post(0)