CVS CLIENT COMMAND-LINE INTERFACE TO ACL ========================================= Notation used in this document: CVS user name, a-la UNIX username. E.g.: alice bob-johnson CVS group name, a-la UNIX group, with leading "percent" (this is subject to discussion). E.g.: %devel %support-staff There are special groups called %all and %nobody with obvious meaning. Comma-separated list of s and s. Note that there could be a whitespace after the comma. E.g.: alice, bob-johnson, %devel. Space-separated list of files in current directory (for the "acl" subcommand) or from the top of repository (for the "racl" subcommand). Space-separated list of directories in current directory (for the "acl" subcommand) or from the top of repository (for the "racl" subcommand). Each directory should have trailing "slash" character for clarity. could be completely empty when using the "acl" subcommand. This means current directory in working copy. "racl" subcommand requires non-empty . Comma-separated list of branch-level file permissions. E.g.: checkin checkout There are common aliases for that: "ci", "co". Comma-separated list of directory permissions. E.g.: access modify [-r BRANCH] This option allows to specify the specific branch that this ACL applies to. It is more often used with "racl" subcommand, rather than with "acl", which takes the branch information from the working copy by default. Comma-separated list of module-level permissions. E.g.: tag tag:PREFIX branch branch:PREFIX (questionable, but simple to implement) The "tag:PREFIX" construct permits some user creating tags with names starting from PREFIX. Rationale: you could give release engineer rights to create tags with names starting from "RELEASE". Command lines for groups management: a. Creating a group: $ cvs group create b. Deleting a group: $ cvs group delete Note that when you delete a group which is listed somewhere in ACLs of some directory or a file it is not deleted from there: those entries are just ignored. This could turn out to be a caveat. There should probably be an "ACL checker" that should be run from time to time that cleans up obsolete entries. c. Adding users (or entire groups) to a group: $ cvs group add Note that adding entire groups is "symlink-style", not "copying-style". d. Deleting users (or entire groups) to a group: $ cvs group remove Command lines for ACL management: Note that there are two flavours of the "acl" subcommand: "acl" and "racl". They are somewhat like the "tag" vs "rtag" subcommands. The "acl" subcommand works only inside working copies, automatically appending the correct pathnames and extracting the branch information. The "racl" could be used without any working copy and requires that files and directory names be specified starting from the top-level repository directory. a. Setting ACL on files: $ cvs acl [-r BRANCH] b. Setting ACL on directories: $ cvs acl [-r BRANCH] c. Setting default file ACLs: $ cvs acl [-r BRANCH] default:: (The "default::" line is used there verbatim.) d. Setting ACL on modules (allowed only with "racl" command): $ cvs racl Notes: Please not that "recursive" operations are not implemented, and that's intentionally. Use default file operations instead. Remember that directory permissions are checked from the top. $Id: acl-cli.txt,v 1.1.2.3 2001/09/24 22:22:55 tyranny Exp $