Initial add of defaria.com

[clearscm.git] / defaria.com / blogs / Status / archives / week_2005_07_10.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <meta name="generator" content="Movable Type 5.2.3" />

   <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles-site.css" type="text/css" />
   <link rel="alternate" type="application/atom+xml" title="Atom" href="http://defaria.com/blogs/Status/atom.xml" />
   <link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://defaria.com/blogs/Status/index.xml"$>" />

   <title>Status for Andrew DeFaria: July 10, 2005 - July 16, 2005 Archives</title>

   <link rel="start" href="http://defaria.com/blogs/Status/" title="Home" />
   <link rel="prev" href="http://defaria.com/blogs/Status/archives/week_2005_07_03.html" title="July  3, 2005 - July  9, 2005" />
   <link rel="next" href="http://defaria.com/blogs/Status/archives/week_2005_07_17.html" title="July 17, 2005 - July 23, 2005" />
</head>
<body class="layout-one-column">
   <div id="container">
      <div id="container-inner" class="pkg">

         <div id="banner">
            <div id="banner-inner" class="pkg">
               <h1 id="banner-header"><a href="http://defaria.com/blogs/Status/" accesskey="1">Status for Andrew DeFaria</a></h1>
               <h2 id="banner-description">Searchable status reports and work log</h2>
            </div>
         </div>

         <div id="pagebody">
            <div id="pagebody-inner" class="pkg">
               <div id="alpha">
                  <div id="alpha-inner" class="pkg">
                     
                     <p class="content-nav">
                        <a href="http://defaria.com/blogs/Status/archives/week_2005_07_03.html">&laquo; July  3, 2005 - July  9, 2005</a> |
                        <a href="http://defaria.com/blogs/Status/">Main</a>
                        | <a href="http://defaria.com/blogs/Status/archives/week_2005_07_17.html">July 17, 2005 - July 23, 2005 &raquo;</a>
                     </p>
                     
                     
                     

                     <h2 class="date-header">July 15, 2005</h2>
                     <a id="a000388"></a>
                     <div class="entry" id="entry-388">
                        <h3 class="entry-header">CVS Adm Web App - per repository</h3>
                        <div class="entry-content">
                           <div class="entry-body">
                              <ul>
  <li>Vinnie and I decided that it's best to place the passwd, groups (new), sysusers (new) files in the repository under CVSROOT</li>

  <li>Started changing web app to handle this new change and added new <i>Select Server</i> and <i>Select Repository</i> screens. Much of the code now needs to pass along $cvs_server and $repository to the API</li>
</ul>
                              
                              <p class="entry-footer">
                                 <span class="post-footers">Posted by  at 11:05 AM</span> <span class="separator">|</span> <a class="permalink" href="http://defaria.com/blogs/Status/archives/000388.html">Permalink</a>
                                 
                                 
                              </p>
                           </div>
                        </div>
                     </div>
                     
                     

                     <h2 class="date-header">July 14, 2005</h2>
                     <a id="a000384"></a>
                     <div class="entry" id="entry-384">
                        <h3 class="entry-header">DOORS/LOS178 Build Procedure</h3>
                        <div class="entry-content">
                           <div class="entry-body">
                              <ul>
  <li>Managed to install DOORS. Turns out that using Tomcat for FlexLM requires port 19360 <b>not</b> port 19353</li>

  <li>Exported the HybridOS Build Procedure document to create the LOS178 2.1.0 Build Procedure document</li>

  <li>Attempting to document exactly what CVS access is given for a username in the readers/writers files depending on whether or not either file exists for the CVSAdm web app</li>
</ul>
                              
                              <h3>Determining CVS Read/Write Access</h3>

<p>CVS decides read/write access based on the presence of the user name in the files readers and writers in the repository. Additionally either or both of these files may be missing.</p>

<p>The CVS Manual says:</p>

<blockquote><i>
<p>If <tt>readers</tt> exists, and this user is listed in it, then the user gets read-only access. Or if <tt>writers</tt> exists, and this user is <b>not</b> listed in it, then they also get read-only access (this is true even if <tt>readers</tt> exists but they are not listed there). Otherwise, she gets full read-write access.</p>

<p>Of course there is a conflict if the user is listed in both files. This is resolved in the more conservative way, it being   better to protect the repository too much than too little: such a user gets read-only access.</p>
</i></blockquote>

<p>Based on that the following describe the access granted to a user.</p>

<center>
<table border=1 cellspacing=0 cellpadding=2>
  <tbody>
    <tr>
      <th bgcolor="teal"><font color="white">Case</font></th>
      <th bgcolor="teal"><font color="white">Readers</font></th>
      <th bgcolor="teal"><font color="white">Writers</font></th>
      <th bgcolor="teal"><font color="white">Read Access</font></th>
      <th bgcolor="teal"><font color="white">Write Access</font></th>    </tr>
    <tr align="center">
      <td>1</td>
      <td>No File</td>
      <td>No File</td>
      <td>No</td>
      <td>No</td>
    </tr>
    <tr align="center">
      <td>2</td>
      <td>No File</td>
      <td>Not Present</td>
      <td>Yes</td>
      <td>No</td>
    </tr>
    <tr align="center">
      <td>3</td>
      <td>No File</td>
      <td>Present</td>
      <td>Yes</td>
      <td>Yes</td>
    </tr>
    <tr align="center">
      <td>4</td>
      <td>Not Present</td>
      <td>No File</td>
      <td>No</td>
      <td>No</td>
    </tr>
    <tr align="center">
      <td>5</td>
      <td>Not Present</td>
      <td>Not Present</td>
      <td>Yes</td>
      <td>No</td>
    </tr>
    <tr align="center">
      <td>6</td>
      <td>Not Present</td>
      <td>Present</td>
      <td>Yes</td>
      <td>Yes</td>
    </tr>
    <tr align="center">
      <td>7</td>
      <td>Present</td>
      <td>No File</td>
      <td>Yes</td>
      <td>No</td>
    </tr>
    <tr align="center">
      <td>8</td>
      <td>Present</td>
      <td>Not Present</td>
      <td>Yes</td>
      <td>No</td>
    </tr>
    <tr align="center">
      <td>9</td>
      <td>Present</td>
      <td>Present</td>
      <td>Yes</td>
      <td>No</td>
    </tr>
  </tbody>
</table>
</center>

<ol>
  <li>A strict intepretation of the CVS manual might lead you to
believe that since readers does not exist and writers does not exist then it would fall into the "Otherwise" statement at the end of the first paragraph. However an argument can be made that the user is also not listed in the writers file because the writers file is not present. But I believe that no access should be granted.</li>

  <li>Readers does not exist and the user is not listed in writers
so read only access.</li>

  <li>Readers does not exist but the user is listed in writers. So
the user has write access. Does this imply read access? Does write-only access exist?</li>

  <li>User is not listed in the readers file and there is no writers
file. This case is not covered by the CVS manual. My assumption is therefore no access. Again a strict interpretation might argue the "Otherwise" clause but I think not.</li>

  <li>User is not listed in the readers file nor in the writers file
therefore read only access.</li>

  <li>User is not listed in the readers file but is listed in the
writers file. User gets read/write access.</li>

  <li>User is listed in the readers file but there is no writers
file. Read only access.</li>

  <li>User is listed in the readers file but not present in writers
file. Read only access.</li>

  <li>User is listed in the readers file and the writers file. This
is the conflict. Resolve the conflict by only providing read access.</li>
</ol>
                              
                              <p class="entry-footer">
                                 <span class="post-footers">Posted by  at  5:13 PM</span> <span class="separator">|</span> <a class="permalink" href="http://defaria.com/blogs/Status/archives/000384.html">Permalink</a>
                                 
                                 
                              </p>
                           </div>
                        </div>
                     </div>
                     
                     

                     <h2 class="date-header">July 13, 2005</h2>
                     <a id="a000387"></a>
                     <div class="entry" id="entry-387">
                        <h3 class="entry-header">CVS Adm Web App</h3>
                        <div class="entry-content">
                           <div class="entry-body">
                              <ul>
  <li>Got password updating working</li>

  <li>Got it working such that the cookie setting code is working</li>

  <li>Implemented Admin mode for cvsroot user only. This allows the cvsroot user to manage other users, groups and sysusers</li>

  <li>Also when in admin mode the cvsroot user can set another persons password to something new without having to know the old password (i.e. password reset)</li>

  <li>Also when in admin mode the sysuser is exposed as a drop down - allowing cvsroot to change a sysuser for a user</li>

  <li>Still need to workout read/write access properly, other security issues (possibly a setuid script allowing the apache user to become cvsroot to re-write and/or check out and in files like passwd, readers and writers for repositories).</li>

  <li>Another issue is what to do as far as for paranoia checking. For example, what should happen if cvsroot attempts to remove say the "int" group and there are still users associated with the int group?</li>
</ul>
                              
                              <p class="entry-footer">
                                 <span class="post-footers">Posted by  at  5:59 PM</span> <span class="separator">|</span> <a class="permalink" href="http://defaria.com/blogs/Status/archives/000387.html">Permalink</a>
                                 
                                 
                              </p>
                           </div>
                        </div>
                     </div>
                     
                     

                     <h2 class="date-header">July 12, 2005</h2>
                     <a id="a000386"></a>
                     <div class="entry" id="entry-386">
                        <h3 class="entry-header">CVS Adm Web App</h3>
                        <div class="entry-content">
                           <div class="entry-body">
                              <ul>
  <li>Managed to get logging in working</li>

  <li>Moved common code to CVSAdm.pm Perl module</li>

  <li>Changed to handle multiple groups</li>

  <li>Changed to use global groups and sysusers files</li>
</ul>
                              
                              <p class="entry-footer">
                                 <span class="post-footers">Posted by  at  5:44 PM</span> <span class="separator">|</span> <a class="permalink" href="http://defaria.com/blogs/Status/archives/000386.html">Permalink</a>
                                 
                                 
                              </p>
                           </div>
                        </div>
                     </div>
                     
                     

                     <h2 class="date-header">July 11, 2005</h2>
                     <a id="a000385"></a>
                     <div class="entry" id="entry-385">
                        <h3 class="entry-header">CVS Adm Web App</h3>
                        <div class="entry-content">
                           <div class="entry-body">
                              <ul>
  <li>Vinnie told me of a CVS Administration Web App he wants so I started developing it</li>

  <li>Working on the basic login screen and parsing of files like passwd and repository readers/writers files. Borrowing heavily from my MAPS application at home where I have done this before.</li>
</ul>
                              
                              <p class="entry-footer">
                                 <span class="post-footers">Posted by  at  5:23 PM</span> <span class="separator">|</span> <a class="permalink" href="http://defaria.com/blogs/Status/archives/000385.html">Permalink</a>
                                 
                                 
                              </p>
                           </div>
                        </div>
                     </div>
                     
                  </div>
               </div>
            </div>
         </div>
      </div>
   </div>
</body>
</html>