SetAcl

SetAcl UserPreferences

The CVSNT Wiki FrontPage RecentChanges TitleIndex WordIndex SiteNavigation HelpContents moin.sf.net

--------------------------------------------------------------------------------

1. SetACLS aka How I Set Up CVSNT Permissions
Setup Access Control Lists using NTFS permissions and local groups. Author: Glen Starrett (glen at starrett dot name)
TO DO: This page needs to be renamed / reworked to better include information on the chacl and lsacl commands. They allow a different layer of access control.

1.1. NTFS ACL's Permissions vs. CVSNT's ACL functions
NTFS is file, group, and user based. This is they way NT administrators normally control file access to specific files and directories, based on the NT account user and the groups it is a member of.
CVSNT's chacl function is directory, user, and branch based. It allows the CVS repository administrator to set permissions based on which branches a user is working on. This allows you to prevent accidental commits anywhere but the branches that the developer is specifically allowed to commit on.

The author of this page uses both together: NT ACL's to prevent unauthorized access to the repositores, and CVSNT's ACL's to prevent the developers from committing to the wrong branch. However, this document only describes the NTFS ACL setup (the CVSNT ACL setup is easy but significant).

TO DO: Clarify this section, list alternative ways of controlling permissions (e.g. "commit" script).

SetACLS.txt

rem $Id: set-acls.cmd,v 1.8 2003/10/01 23:33:14 gstarrett-admin Exp $
@echo off
echo set-acls.cmd
echo by Glen Starrett, 2003
echo last updated: 9/1/2003
echo.
echo This software is free to use, modify, copy, and distribute.
echo.
echo Purpose: Reset Access Control Lists for CVS repositories
echo with NTFS permissions appropriate for CVS.
echo.
echo *** WARNING ***
echo This script makes LARGE assumptions about where it is being run
echo and subdirectory names that are used. DO NOT use it if you have
echo not reviewed it first!! The author is not responsible for any
echo consequences of running this script.
echo.
echo Note: This requires the CACLS utility from the NT resource kit.
echo.
echo Press [CTRL-C] to stop the batch now or
echo.
echo Assumes the following directory structure:
echo d:cvsrepositories The CVS repositories prefix directory
echo d:cvstemp CVS Temp directory
echo.
echo For more information, go to http://www.cvsnt.org/wiki/SetAcl
echo.
pause

NET STOP CVS
pushd d:cvs

rem Reset temp
rmdir /s /q temp > nul
md temp > nul
echo Y| cacls temp /T /G CVSAdmins:F System:F CVSUsers:F Administrators:F >nul:

echo Reset permissions on all reportories

echo Y| cacls repositories /G CVSAdmins:F System:F CVSUsers:R Administrators:R >nul:
echo Y| cacls repositories*.* /G CVSAdmins:F System:F CVSUsers:R Administrators:R >nul:

echo Set up CVS repositories

cd repositories

echo Set CVSUsers RW and CVSAdmin-{respository} F on all files IN the repos
FOR /D %%F IN (*) DO echo Y| cacls %%F*.* /T /G CVSAdmins:F System:F CVSUsers:F Administrators:R >nul:

echo Set CVSUsers RO for CVSROOT
FOR /D %%F IN (*) DO echo Y| cacls %%FCVSROOT /T /E /P CVSUsers:R >nul:

echo Set CVSUsers RW for HISTORY and val-tags
FOR /D %%F IN (*) DO echo Y| cacls %%FCVSROOThistory /T /E /P CVSUsers:C >nul:
FOR /D %%F IN (*) DO echo Y| cacls %%FCVSROOTval-tags /T /E /P CVSUsers:C >nul:

echo Add CVS Repository Admin permissions
FOR /D %%F IN (*) DO echo Y| cacls %%F /T /E /P CVSAdmin-%%F:F >nul:

popd
NET START CVS