DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

(cvs.info.gz) Read-only access

Info Catalog (cvs.info.gz) Remote repositories (cvs.info.gz) Repository (cvs.info.gz) Server temporary directory 
 
 2.10 Read-only repository access
 ================================
 
 It is possible to grant read-only repository access to people using the
 password-authenticated server ( Password authenticated).  (The
 other access methods do not have explicit support for read-only users
 because those methods all assume login access to the repository machine
 anyway, and therefore the user can do whatever local file permissions
 allow her to do.)
 
    A user who has read-only access can do only those CVS operations
 which do not modify the repository, except for certain "administrative"
 files (such as lock files and the history file).  It may be desirable
 to use this feature in conjunction with user-aliasing ( Password
 authentication server).
 
    Unlike with previous versions of CVS, read-only users should be able
 merely to read the repository, and not to execute programs on the
 server or otherwise gain unexpected levels of access.  Or to be more
 accurate, the _known_ holes have been plugged.  Because this feature is
 new and has not received a comprehensive security audit, you should use
 whatever level of caution seems warranted given your attitude concerning
 security.
 
    There are two ways to specify read-only access for a user: by
 inclusion, and by exclusion.
 
    "Inclusion" means listing that user specifically in the
 `$CVSROOT/CVSROOT/readers' file, which is simply a newline-separated
 list of users.  Here is a sample `readers' file:
 
      melissa
      splotnik
      jrandom
 
 (Don't forget the newline after the last user.)
 
    "Exclusion" means explicitly listing everyone who has _write_
 access--if the file
 
      $CVSROOT/CVSROOT/writers
 
 exists, then only those users listed in it have write access, and
 everyone else has read-only access (of course, even the read-only users
 still need to be listed in the CVS `passwd' file).  The `writers' file
 has the same format as the `readers' file.
 
    Note: if your CVS `passwd' file maps cvs users onto system users
 ( Password authentication server), make sure you deny or grant
 read-only access using the _cvs_ usernames, not the system usernames.
 That is, the `readers' and `writers' files contain cvs usernames, which
 may or may not be the same as system usernames.
 
    Here is a complete description of the server's behavior in deciding
 whether to grant read-only or read-write access:
 
    If `readers' exists, and this user is listed in it, then she gets
 read-only access.  Or if `writers' exists, and this user is NOT listed
 in it, then she also gets read-only access (this is true even if
 `readers' exists but she is not listed there).  Otherwise, she gets
 full read-write access.
 
    Of course there is a conflict if the user is listed in both files.
 This is resolved in the more conservative way, it being better to
 protect the repository too much than too little: such a user gets
 read-only access.
Info Catalog (cvs.info.gz) Remote repositories (cvs.info.gz) Repository (cvs.info.gz) Server temporary directory
automatically generated byinfo2html