2 <html lang="en-us" itemscope itemtype="http://schema.org/Article">
5 <meta name="description" content=" Finished up on a CVS Adm Web App prototype. Still need to adapt this to real CVS repositories on web server...">
6 <meta name="generator" content="Movable Type 5.2.3">
7 <title>CVS Adm Web App Prototype - Status</title>
8 <link rel="alternate" type="application/atom+xml" title="Recent Entries" href="http://defaria.com/blogs/Status/atom.xml">
9 <link rel="canonical" href="http://defaria.com/blogs/Status/2005/07/cvs-adm-web-app-4.html">
10 <meta name="viewport" content="width=device-width,initial-scale=1">
11 <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles.css">
13 <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles_ie.css">
14 <script src="/mt/mt-static/support/theme_static/rainier/js/html5shiv.js"></script>
17 <link rel="start" href="http://defaria.com/blogs/Status/">
19 <link rel="prev" href="http://defaria.com/blogs/Status/2005/07/cvs-adm-web-app-3.html" title="CVS Adm Web App - per repository">
20 <link rel="next" href="http://defaria.com/blogs/Status/2005/07/cvs-adm-web-app-5.html" title="CVS Adm Web App Conf">
21 <!-- Open Graph Protocol -->
22 <meta property="og:type" content="article">
23 <meta property="og:locale" content="en-us">
24 <meta property="og:title" content="CVS Adm Web App Prototype">
25 <meta property="og:url" content="http://defaria.com/blogs/Status/2005/07/cvs-adm-web-app-4.html">
26 <meta property="og:description" content=" Finished up on a CVS Adm Web App prototype. Still need to adapt this to real CVS repositories on web server...">
27 <meta property="og:site_name" content="Status">
28 <meta property="og:image" content="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
30 <meta itemprop="description" content=" Finished up on a CVS Adm Web App prototype. Still need to adapt this to real CVS repositories on web server...">
31 <link itemprop="url" href="http://defaria.com/blogs/Status/2005/07/cvs-adm-web-app-4.html">
32 <link itemprop="image" href="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
37 <div id="container-inner">
38 <header id="header" role="banner">
39 <div id="header-inner">
40 <div id="header-content">
42 <a href="http://defaria.com/blogs/Status/">
51 <nav role="navigation">
53 <li><a href="http://defaria.com/blogs/Status/">Home</a></li>
62 <div id="content-inner">
63 <ul class="breadcrumb breadcrumb-list">
64 <li class="breadcrumb-list-item"><a href="http://defaria.com/blogs/Status/">Home</a></li>
65 <li class="breadcrumb-list-item">CVS Adm Web App Prototype</li>
67 <div id="individual-main" class="main" role="main">
68 <article id="entry-1662" class="entry entry-asset asset hentry">
69 <div class="asset-header">
70 <h2 itemprop="name" class="asset-name entry-title">CVS Adm Web App Prototype</h2>
71 <footer class="asset-meta">
72 <ul class="asset-meta-list">
73 <li class="asset-meta-list-item">Posted on <time datetime="2005-07-19T16:54:42-08:00" itemprop="datePublished">July 19, 2005</time></li>
74 <li class="asset-meta-list-item">by <span class="author entry-author vcard"></span></li>
77 <li class="asset-meta-list-item">in <a itemprop="articleSection" rel="tag" href="http://defaria.com/blogs/Status/lynuxworks/">LynuxWorks</a></li>
83 <div class="entry-content asset-content" itemprop="articleBody">
85 <li>Finished up on a CVS Adm Web App prototype. Still need to adapt this to real CVS repositories on web server</li>
87 <p>Vinnie So wrote:</p>
89 <blockquote type=cite>
92 I just cook up the information on what we need to get the cvs user administration project requirement going. Please review and add/modify what you think is necessary. Also, add the information you need.
98 <li>CVS Passwd file format:
100 <div class="code"><pre>
101 CVS User Name:Encrypted Password:System User:User Real Name:User Email:Groups</pre></div>
102 <p>Example of passwd file:</p>
103 <div class="code"><pre>
104 adefaria:88ZHm.yYFgFyI:lynxuser:Andrew DeFaria:adefaria@lnxw.com:int,cvsadmin
105 jdoe:78WHm.yYFgFyI:toolsuser:John Doe:jdoe@lnxw.com:tools
106 hyow:78WHm.yYFgFyI::Harry Yow:hyow@lnxw.com:test</pre></div></li>
108 <li>Writers file format: This file contains CVS User Name listing who has write only permission access to the CVS repository. One CVS User Name per line.
110 <br>Example of writers file:
112 <div class="code"><pre>
116 <li>Readers file format: This file contains CVS User Name listing who has read only permission access to the CVS repository . One CVS User Name per line.
118 <br>Example of readers file:
120 <div class="code"><pre>
126 <p>Readers/Writers file formats and their interaction is not that clearly defined in the CVS manual. I've attempted to document that <a href="000384.html#more">here</a>. Worse yet, it's even harder to ascertain after the fact from a web application. For example, if the web application is told that user john has only read access to repository X, which of the 5 cases (#2, #5, #7, #8 or #9) should the backend update the readers and writers files to look like?</p>
128 <p>Here's my simplification:</p>
130 <div class="code"><pre>
131 # CVS readers and writers files are a little weird. We will attempt
132 # to simplify here. If a user has read only access to a repository
133 # then we will explicitly list them in the readers file and make
134 # sure they are not in the writers file. If they have write access
135 # (thus implying read access) then we will arrange for them to be in
136 # the writers file and absent from the readers file as CVS treats
137 # users who are in both files as read only.
138 my $user = $user_record {userid};
139 my $access = $user_record {$repository};
141 if ($access eq "r") {
142 Remove $cvs_server, $repository, "writers", $user;
143 Add $cvs_server, $repository, "readers", $user;
144 } elsif ($access eq "rw") {
145 Remove $cvs_server, $repository, "readers", $user;
146 Add $cvs_server, $repository, "writers", $user;
148 Remove $cvs_server, $repository, "readers", $user;
149 Remove $cvs_server, $repository, "writers", $user;
153 <blockquote type=cite>
154 <p># The GUI Interface requirement:</p>
156 <p>CVS User cvsroot can to the following once authentication passed:</p>
159 <li>Administer the GUI interface</li>
163 <p>I don't know what that means.</p>
165 <blockquote type=cite>
167 <li>Add/delete attributes list
169 <div class="code"><pre>
170 group - int, csadmin, ce, engr, tools
171 system users - lynxuser, gduser, toolsuser</pre></div></li>
174 <p>CVS User belonging to group "cvsadmin" shall be able to do the following once authentication passed:</p>
181 <li>Modify user's attributes</li>
183 <li>Change user's permission to the cvs repository by modifying writer or readers files.</li>
186 <p>CVS User not belonging to group "cvsadmin" shall be able to do the following once authentication passed:</p>
189 <li>Change its own password</li>
193 <p>Well a prototype is up and running at http://saturn/cvsadm. First select a server then a repository. All files (passwd, groups, sysusers, readers, writers) are kept at the repository level and world write access is current required to the files. Locally I have set the cvsroot password to cvsroot123 (that is the CVS user's password not the system cvsroot user's password) so you can login as cvsroot then use Admin to edit other users, etc. Users who are members of the group cvsadm are considered no different than cvsroot themselves as they can add/change/delete users, groups and sysusers (the group cvsadm and the sysuser cvsroot cannot be deleted). Play around with it and let me know what you think.</p>
195 <p>Note, if a cvsroot user deletes a group the web app is smart enough to go back through the passwd file and remove the removed group from the users lists. So, for example, if vso is a member of int,badgroup,tools those groups will be listed in his passwd entry. If the cvsroot user deletes badgroup then vso's passwd entry will be adjusted to just int,tools. Also, if the cvsroot user edits tools to change it to toolchain then vso's passwd entry will then read int,toolchain.</p>
197 <p>With sysusers it's a little different. Technically sysusers should equate to bona fide Unix usernames. Yet there is no easy way to insure this. For one, how would the web server gain access to /etc/passwd on a remote machine? Also, sysusers are stored in a file in the repository's CVSROOT directory and can easily become out of date WRT that server's /etc/passwd file. So no checks are made to insure that a sysuser is indeed a Unix userid.</p>
199 <p>Finally, while if cvsroot edits say the sysuser lynxuser -> lynuxosuser, the passwd file will be modified by also changing all lynxuser's -> lynxosuser's. However if cvsroot deletes sysuser lynxuser the passwd file is not changed to remove the sysuser from the passwd lines. Doing so changes the meaning of the user entirely.</p>
201 <p>The backend, however, will need to change to properly handle the security of the various files as well as to properly use CVS to maintain a history (i.e. check out admin files, change them and check them in). The current thought is to set up the apache user as having login rights for cvsroot from the web server only.</p>
203 <p>In order for this to work we need to:</p>
206 <li>Create groups and sysusers files for each <host>:<repository></li>
208 <li>Add groups and sysusers files to checkoutlist so that CVS considers them part of the administrative files set.</li>
210 <li>Have cvsroot perform a cvs -d :pserver:cvsroot@<host>:<repository> login for each and every host:repository combination as whatever the apache user will be on the web server</li>
213 <p>Then the web app has to change to use a file store created by issuing a cvs co CVSROOT for the host/repository it is working on (and/or possibly a cvs update). Finally the web app needs to change to perform the necessary commit after a file (groups, sysusers, readers or writers - passwd will be handled differently - see <a href="http://www.network-theory.co.uk/docs/cvsmanual/cvs_30.html">http://www.network-theory.co.uk/docs/cvsmanual/cvs_30.html</a> - bottom of the page) has been changed with an appropriate checkin comment. Still at issue is how to handle the passwd file.</p>
215 <p>This should be done (setup) on the web server instead of my desktop. We should, perhaps, create a dummy repository for testing.</p>
217 <p>Let me know when this is available so I can start testing there.</p>
219 <nav class="page-navigation entry-navigation pagination content-nav">
220 <ul class="page-navigation-list">
222 <li class="page-navigation-list-item page-navigation-prev"><a rel="prev" href="http://defaria.com/blogs/Status/2005/07/cvs-adm-web-app-3.html" title="CVS Adm Web App - per repository">Previous entry</a></li>
225 <li class="page-navigation-list-item page-navigation-next"><a rel="next" href="http://defaria.com/blogs/Status/2005/07/cvs-adm-web-app-5.html" title="CVS Adm Web App Conf">Next entry</a></li>
230 <aside id="zenback" class="zenback feedback">
231 Please paste Zenback script code here.
238 <aside class="widgets related" role="complementary">
239 <nav class="widget-search widget">
240 <div class="widget-content">
241 <form method="get" id="search" action="http://defaria.com/mt/mt-search.cgi">
243 <input type="text" name="search" value="" placeholder="Search...">
245 <input type="hidden" name="IncludeBlogs" value="8">
247 <input type="hidden" name="limit" value="20">
248 <button type="submit" name="button">
249 <img alt="Search" src="/mt/mt-static/support/theme_static/rainier/img/search-icon.png">
255 <nav class="widget-archive-category widget">
256 <h3 class="widget-header">Categories</h3>
257 <div class="widget-content">
260 <ul class="widget-list">
263 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/ameriquest/">Ameriquest (99)</a>
271 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/audience/">Audience (3)</a>
279 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/broadcom/">Broadcom (76)</a>
287 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/gpdb/">GPDB (35)</a>
295 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-dynamics/">General Dynamics (61)</a>
303 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-electric/">General Electric (13)</a>
311 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/hewlett-packard/">Hewlett Packard (13)</a>
319 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/lynuxworks/">LynuxWorks (162)</a>
327 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/pqa/">PQA (35)</a>
335 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/salira/">Salira (79)</a>
343 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/tellabs/">Tellabs (2)</a>
351 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/texas-instruments/">Texas Instruments (31)</a>
363 <nav class="widget-archive-dropdown widget">
364 <h3 class="widget-header">Archives</h3>
365 <div class="widget-content">
367 <option>Select a Month...</option>
369 <option value="http://defaria.com/blogs/Status/2016/02/">February 2016</option>
373 <option value="http://defaria.com/blogs/Status/2014/09/">September 2014</option>
377 <option value="http://defaria.com/blogs/Status/2014/04/">April 2014</option>
381 <option value="http://defaria.com/blogs/Status/2014/03/">March 2014</option>
385 <option value="http://defaria.com/blogs/Status/2013/02/">February 2013</option>
389 <option value="http://defaria.com/blogs/Status/2012/09/">September 2012</option>
393 <option value="http://defaria.com/blogs/Status/2012/08/">August 2012</option>
397 <option value="http://defaria.com/blogs/Status/2012/05/">May 2012</option>
401 <option value="http://defaria.com/blogs/Status/2012/04/">April 2012</option>
405 <option value="http://defaria.com/blogs/Status/2012/02/">February 2012</option>
409 <option value="http://defaria.com/blogs/Status/2012/01/">January 2012</option>
413 <option value="http://defaria.com/blogs/Status/2011/10/">October 2011</option>
417 <option value="http://defaria.com/blogs/Status/2011/07/">July 2011</option>
421 <option value="http://defaria.com/blogs/Status/2010/09/">September 2010</option>
425 <option value="http://defaria.com/blogs/Status/2010/08/">August 2010</option>
429 <option value="http://defaria.com/blogs/Status/2010/04/">April 2010</option>
433 <option value="http://defaria.com/blogs/Status/2010/03/">March 2010</option>
437 <option value="http://defaria.com/blogs/Status/2010/02/">February 2010</option>
441 <option value="http://defaria.com/blogs/Status/2009/05/">May 2009</option>
445 <option value="http://defaria.com/blogs/Status/2009/04/">April 2009</option>
449 <option value="http://defaria.com/blogs/Status/2008/07/">July 2008</option>
453 <option value="http://defaria.com/blogs/Status/2008/05/">May 2008</option>
457 <option value="http://defaria.com/blogs/Status/2008/04/">April 2008</option>
461 <option value="http://defaria.com/blogs/Status/2008/03/">March 2008</option>
465 <option value="http://defaria.com/blogs/Status/2008/02/">February 2008</option>
469 <option value="http://defaria.com/blogs/Status/2008/01/">January 2008</option>
473 <option value="http://defaria.com/blogs/Status/2007/12/">December 2007</option>
477 <option value="http://defaria.com/blogs/Status/2007/11/">November 2007</option>
481 <option value="http://defaria.com/blogs/Status/2007/10/">October 2007</option>
485 <option value="http://defaria.com/blogs/Status/2007/09/">September 2007</option>
489 <option value="http://defaria.com/blogs/Status/2007/08/">August 2007</option>
493 <option value="http://defaria.com/blogs/Status/2007/07/">July 2007</option>
497 <option value="http://defaria.com/blogs/Status/2007/06/">June 2007</option>
501 <option value="http://defaria.com/blogs/Status/2007/05/">May 2007</option>
505 <option value="http://defaria.com/blogs/Status/2007/04/">April 2007</option>
509 <option value="http://defaria.com/blogs/Status/2007/03/">March 2007</option>
513 <option value="http://defaria.com/blogs/Status/2007/01/">January 2007</option>
517 <option value="http://defaria.com/blogs/Status/2006/12/">December 2006</option>
521 <option value="http://defaria.com/blogs/Status/2006/11/">November 2006</option>
525 <option value="http://defaria.com/blogs/Status/2006/10/">October 2006</option>
529 <option value="http://defaria.com/blogs/Status/2006/09/">September 2006</option>
533 <option value="http://defaria.com/blogs/Status/2006/07/">July 2006</option>
537 <option value="http://defaria.com/blogs/Status/2006/06/">June 2006</option>
541 <option value="http://defaria.com/blogs/Status/2006/05/">May 2006</option>
545 <option value="http://defaria.com/blogs/Status/2006/04/">April 2006</option>
549 <option value="http://defaria.com/blogs/Status/2006/03/">March 2006</option>
553 <option value="http://defaria.com/blogs/Status/2006/02/">February 2006</option>
557 <option value="http://defaria.com/blogs/Status/2006/01/">January 2006</option>
561 <option value="http://defaria.com/blogs/Status/2005/12/">December 2005</option>
565 <option value="http://defaria.com/blogs/Status/2005/11/">November 2005</option>
569 <option value="http://defaria.com/blogs/Status/2005/10/">October 2005</option>
573 <option value="http://defaria.com/blogs/Status/2005/09/">September 2005</option>
577 <option value="http://defaria.com/blogs/Status/2005/08/">August 2005</option>
581 <option value="http://defaria.com/blogs/Status/2005/07/">July 2005</option>
585 <option value="http://defaria.com/blogs/Status/2005/06/">June 2005</option>
589 <option value="http://defaria.com/blogs/Status/2005/05/">May 2005</option>
593 <option value="http://defaria.com/blogs/Status/2005/04/">April 2005</option>
597 <option value="http://defaria.com/blogs/Status/2005/03/">March 2005</option>
601 <option value="http://defaria.com/blogs/Status/2005/02/">February 2005</option>
605 <option value="http://defaria.com/blogs/Status/2005/01/">January 2005</option>
609 <option value="http://defaria.com/blogs/Status/2004/12/">December 2004</option>
613 <option value="http://defaria.com/blogs/Status/2004/09/">September 2004</option>
617 <option value="http://defaria.com/blogs/Status/2004/08/">August 2004</option>
621 <option value="http://defaria.com/blogs/Status/2004/07/">July 2004</option>
625 <option value="http://defaria.com/blogs/Status/2004/06/">June 2004</option>
629 <option value="http://defaria.com/blogs/Status/2004/05/">May 2004</option>
633 <option value="http://defaria.com/blogs/Status/2004/04/">April 2004</option>
637 <option value="http://defaria.com/blogs/Status/2004/03/">March 2004</option>
641 <option value="http://defaria.com/blogs/Status/2004/02/">February 2004</option>
645 <option value="http://defaria.com/blogs/Status/2004/01/">January 2004</option>
649 <option value="http://defaria.com/blogs/Status/2003/12/">December 2003</option>
653 <option value="http://defaria.com/blogs/Status/2003/11/">November 2003</option>
661 <div class="widget-syndication widget section">
662 <div class="widget-content">
663 <p><img src="http://defaria.com/mt/mt-static/images/status_icons/feed.gif" alt="Subscribe to feed" width="9" height="9" /> <a href="http://defaria.com/blogs/Status/atom.xml">Subscribe to this blog's feed</a></p>
671 <footer id="footer" role="contentinfo">
672 <div id="footer-inner">
673 <div id="footer-content">
674 <nav role="navigation">
676 <li><a href="http://defaria.com/blogs/Status/">Home</a></li>
682 <p class="license">© Copyright 2016.</p>
683 <p class="poweredby">Powered by <a href="http://www.movabletype.org/">Movable Type</a></p>
689 <script src="http://defaria.com/mt/mt-static/jquery/jquery.min.js"></script>
690 <script src="http://defaria.com/blogs/Status/mt-theme-scale2.js"></script>