CVS user management is a complex and important part. Through CVS user management, you can create a CVS user and grant each user the permission to access each directory. For pserver login, strict permission restrictions must be imposed on the cvsroot directory of the resource library and all directories in the directory tree, this is because the $ cvsroot/cvsroot directory contains passwd and other files related to security audit. any user who has write access to these directories will be able to become any user on the system.
1. Prerequisites
Cvsnt user authentication methods are divided into two types: Windows users and cvsnt users coexist in a Hybrid Authentication mode, and cvsnt users in a single Authentication mode. By default, cvsnt users work in a Hybrid Authentication mode. The hybrid authentication method is used. The process of creating a cvsnt user is the process of creating a Windows user. Therefore, when there are many CVS users, it is not easy to manage. Therefore, a single authentication method is recommended.
The authentication methods and user configurations used by each resource library are determined by the configuration files in the cvsroot directory. There are several important files:
L Config File
The configuration file is used to control cvsnt verification. Note the first two lines of the file:
# Set this to 'no' if pserver shouldn't check system users/passwords
# Systemauth = Yes
The second line is the content to be modified. The default status is commented out. systemauth has two values: Yes and no:
Yes: pserver uses Windows users and cvsnt users for joint verification (if cvsnt users are not defined, Windows users are used for verification). The default value is yes, cvsnt is defined in the passwd file to be introduced later.
No: Only cvsnt users are used for verification.
This file can be modified on the client. Therefore, after detecting cvsroot, we can change the second line to systemauth = No and commit it to cvsnt to enable a single authentication method, note that after a single authentication method is enabled, the original Windows users will not be able to log on to CVS.
L admin file
This file saves the cvsnt administrator user list in the following format:
User1
User2
User3
Each row defines an administrator user. By default, this file is not available, but you can add and add it on the client and then commit it to cvsnt. However, this file does not take effect only, add it to the checklist file so that cvsnt can read the content of the file. The format of the file list added to the checklist is as follows:
[Space] File Name error message
The space before the file name must exist. Otherwise, an error occurs.
You can add the admin file to cvsnt and modify the checklist file commit to make the admin file take effect.
L passwd file
When the server is working in a single cvsnt User Authentication mode, this file defines the cvsnt user information, which stores the user name, user password, and alias information. This file does not exist by default. However, when cvsnt is still working in the Hybrid Authentication mode, we can log on as a system administrator and use the Add USER command to allow cvsnt to automatically create a passwd file.
Example of adding a user's command:
CVS passwd-r administrator-A cvsadmin
Then the system prompts you to enter the password. after entering the password, the server will create a new passwd file.
The content of this file is simple in the following format:
Cvsadmin: 6kj2yopeucacs: Administrator
Wangp: lm9pr9a1fal0u
Chu: unekuktsgm242
Take the first behavior as an example: cvsadmin as the user name, fqr1fs4gdghrt is the result of using the UNIX standard encryption function to encrypt the password, and administrator is the alias of the user, the Windows user name is used for Hybrid Authentication.
Note: This file cannot be modified on the client or checkout.
L group file
This file is a group that defines the system. We can classify users of the same nature into a group, and then assign permissions to the group by assigning permissions to users. In this way, users in A group have the same permissions. The group content is as follows:
Group1: user1 user2 user3
Group2: me you he
Group3: Tom Jerry
As you can see above, the content of this file is quite simple. First, the group name is followed by the colon, and then the user name. Separate multiple user names with spaces.
The group file can be created and modified on the client. You do not need to modify the checkoutlist file. The system will automatically build the file and make it take effect.
2. Create user 2.1 to set Environment Variables
Before creating a user on the command line, you must set two environment variables:
Cvsroot: Directory pointing to the server repository;
Path: Specifies the installation directory of cvsnt.
2.2 create a CVS user using the system administrator
Note that only the system administrator can create users in the system command line, and the CVS administrator cannot create users or modify user passwords.
1) Use the administrator user to retrieve the cvsroot directory;
> CVS Co cvsroot
2) enter the retrieved cvsroot directory in cmd;
3) run the CVS passwd-r administrator-A cvsadmin command to create a user and enter the user password. Here, the administrator user is used as the alias. You can use the user name in other systems to create a user, however, these users may not be used by cvsnt because they do not have the permission to write temporary files in the default Temporary Folder, so the client cannot work normally. If you add permissions to this user, it brings security risks. Therefore, we recommend that you use the administrator user as an alias;
4) create a Windows user cvsuser with the permission of user.
5) run the CVS passwd-r cvsuser-a username command multiple times to create a CVS common user and assign the user name and password to each user using CVS;
6) create a text file admin in the retrieved cvsroot directory, fill in the repository administrator user in the file, such as cvsadmin, and upload the file to the server;
7) modify the checkoutlist file in the retrieved cvsroot directory, add a line of admin (Note that there must be spaces before and after, otherwise errors may occur), and upload the file to the server, so that the CVS server can automatically know the Administrator account through the new file;
8) modify the systemauth = No of the config file in the retrieved cvsroot directory, and remove the annotator #. before submitting the file, check whether your modification is correct, if the file is submitted, the cvsnt Authentication mode takes effect. In this case, Windows users cannot log on to CVS.
2.3 create a CVS user using the CVS Administrator
If the wincvs software is installed, you can use the previously created Administrator Account cvsadmin to create a CVS user even if the config file is modified.
1) log on to wincvs as a CVS administrator. Select a directory and change cvsroot.
2) If the user of the cvsroot in the current directory is not cvsadmin, change it to cvsadmin.
3) Select Manage command lines in wincvs, as shown in
In the displayed dialog box, enter:
CVS passwd-a Wang
You will also be prompted to set the password. After the password is created successfully, it will be output in the CVS log column:
CVS passwd-a Wang
Adding User wang@132.134.0.88
* ***** CVS exited normally with code 0 *****
You can also create other users. You can also directly enter the CVS command on the log output interface.
4) Check the passwd file in the cvsroot of the CVS server repository. You can find that Wang has been added to the passwd file to prove that the user has been created successfully.
3. configure individual user permissions
Only Administrators or users granted control permissions have the right To Configure permissions for users. The following describes how to configure permissions for a CVS user using the CVS Administrator Account cvsadmin created above.
1) log on with the cvsadmin user in wincvs, and change the cvsroot in this folder to log on with cvsadmin.
2) because the command line of wincvs does not support the CVS chacl command, you can directly input the chacl command in the wincvs output. Of course, the subsequent operations can also be completed in the system command line. To set permissions in the command line, you must first enter the folder directory. The command formats in the command line and in wincvs are different.
3) first, we will introduce the format in the command line:
(A) enter "CVS chown cvsadmin" and announce that the owner of the folder is the CVS administrator. After this command is executed, the "fileattr" in the "CVS" directory at the next level in the folder. XML "has been written to the parent of this directory.
(B) Use the "CVS chacl-A noread, nocreate, nowrite, nocontrol" command to set the default access permission for the folder.
(C) Use the "CVS chacl" command to set the ACL for the folder. The detailed description of the "CVS chacl" command is as follows:
CVS chacl [-R] [-r branch] [-u user] [-J branch] [-N] [-P priority] [-m message] [-A [No] {read | write | create | tag | control | all | none} [,...] [-D]
Or
CVS rchacl [-R] [-r branch] [-u user] [-J branch] [-N] [-P priority] [-m message] [-A [No] {read | write | create | tag | control | all | none} [,...] [-D]
Example: CVs chacl-r-a read, write-u user1
These parameters are described as follows:
Read Permission
Write Permission
Create Directory Creation permission
Tag creation permission
Control permission
All Permissions
None does not have any Permissions
By default, any user has all permissions for any directory.
Under any circumstances, only the directory owner and users with control permissions have the right to change the permission to use the directory.
It should be noted that there is no power between read, write, create, tag, and control. If you have the write permission, you may not have the read permission. If you only grant the write permission to a user, it cannot be read. A person with write permission is generally granted the read permission.
For create, you only have the permission to create a directory. If the directory contains files, you must have the write permission.
If a user has the control permission on a directory, the user can use the "CVS chacl" command to change the permission on the directory.
For all, if a user has all permissions on a directory, the user will have all permissions.
You do not need to have the wirte permission or the tag, but you should grant the read permission to the tag.
It should be noted that CVS can not only control permissions on directories, but also control permissions on files.
4) The command format in wincvs is as follows:
(A) Same as the command line setting method, enter "CVS chown cvsadmin" to announce that the folder owner is the CVS administrator.
(B) Use the "CVS chacl" command to set the ACL for the folder. The detailed description of the "CVS chacl" command is as follows:
CVS chacl-R [-r tag] {user | default}: [{[r] [W] [c] | [N]}] [directory...]
-R Recursion TO subdirectory
-R: Set permissions for Special Branches
The permission settings are less than the permissions that can be set in the command line, including:
R (read permission)
W (write permission)
C (create and delete permissions)
N (No permissions)
Note: This method is not successfully tested in wincvs and the error message is:
CVS [chacl aborted]: server does not support chacl
After you set the access permissions of each user through the preceding steps, you can use "CVS lsacl" to display the access permissions of all users in the folder. Alternatively, you can view the file by checking "fileattr. xml" in the "CVS" folder under the directory on the server side.
4. Configure group User Permissions
The method described in the previous section can only set permissions for a single user one by one. When there are too many project participants, it is difficult to use this method. In this case, you can use a group to divide groups and assign corresponding user permissions to each group. The procedure is as follows:
1) create a group file under the cvsroot directory of the cvsclient. Note that the file does not have an extension. The format of the group file is as follows:
Group1: user1 user2
Group2: user3 user4
Group3: user5 user6
For example, the content of a group file is as follows:
MANAGER: Zhang
LEADER: Chu
Developer: Wu Wang Huang Zhou wangp
2) commit the group file to the CVS server.
3) log on with the cvsadmin user in wincvs, and change the cvsroot in this folder to log on with cvsadmin.
4) Enter
CVS chacl [-R] [-r branch] [-u user] [-J branch] [-N] [-P priority] [-m message] [-A [No] {read | write | create | tag | control | all | none} [,...] [-D]
The user of [-u user] is replaced by the group name, for example:
CVS chacl-R-A write, read, create-u developer
In this way, all users in the developer group will have the read, write, and create permissions.
5 Remarks/precautions
Most of the CVS user management methods described in this section need to be used in combination with wincvs. Therefore, note the following when you do not need wincvs.
1) After cvsnt is installed, you must set the cvsroot variable to point to the cvsnt resource library storage path.
2) cvsnt adopts hybrid verification by default. Therefore, you can perform CVS operations directly on the command line. By default, the system administrator is used as the CVS administrator. In this case, you can directly create a user, but the user you create must be associated with the System user. Therefore, it is necessary to create a cvsuser system user. If the user is not associated with the created user, the user cannot log on and use CVS-related operations.
3) The CVS administrator cannot create a user. Only the system administrator can create a user. Therefore, you can change systemauth in config to no only after you have created all the users. After changing to no, only the CVS users can log on to CVS. The system administrator will not be able to log on to CVS, you cannot create a CVS user. In this case, you must change systemauth to yes again. However, if wincvs is installed, you can create it with wincvs.
4) In the end, there is a very important step in using wincvs for CVS user management. It is to change the cvsroot of the current file to the CVS administrator, I don't know how to set this step in the system command line. If you can set the cvsroot of the current directory in the command line, you can create a CVS user in the command line. The current solution is to set it in wincvs.