| 1 |
On Friday 02 of January 2009 22:53:36 Robin H. Johnson wrote: |
| 2 |
> On Fri, Jan 02, 2009 at 01:40:09PM -0800, Alec Warner wrote: |
| 3 |
> > How hard would it be to change permissions on the ,v file for this and |
| 4 |
> > just run the use.local.desc updater as a user with different |
| 5 |
> > privileges? |
| 6 |
> |
| 7 |
> It does have different permissions. It's the directory permissions that |
| 8 |
> matter however. I already tried the file permissions. If we want to |
| 9 |
> truly block it while not affecting commits to the rest of the directory, |
| 10 |
> we need to add CVS ACLS, which I've been meaning to do, but just never |
| 11 |
> got around to. |
| 12 |
> |
| 13 |
> CVS does (the short version): |
| 14 |
> 1. Take a file-based lock (#A) for the target ,v file. |
| 15 |
> No writes permitted, reads are permitted. |
| 16 |
> 2. Build the new version of the ,v in the temp space. |
| 17 |
> 3. Copy the new version to a different name in the target directory. |
| 18 |
> 4. Upgrade lock #A, no reads permitted now. |
| 19 |
> 5. unlink the old ,v file |
| 20 |
> (the kernel checks the directory permissions, not the file perms). |
| 21 |
> 6. rename the new file into place. |
| 22 |
> 7. Release lock #A. |
| 23 |
|
| 24 |
What about creating a hook that checks if commited file is the one in question |
| 25 |
and fails the commit, if true? I don't know much about cvs hooks, however in |
| 26 |
svn it would be simple to setup. |
Archives