On Friday 02 of January 2009 22:53:36 Robin H. Johnson wrote: > On Fri, Jan 02, 2009 at 01:40:09PM -0800, Alec Warner wrote: > > How hard would it be to change permissions on the ,v file for this and > > just run the use.local.desc updater as a user with different > > privileges? > > It does have different permissions. It's the directory permissions that > matter however. I already tried the file permissions. If we want to > truly block it while not affecting commits to the rest of the directory, > we need to add CVS ACLS, which I've been meaning to do, but just never > got around to. > > CVS does (the short version): > 1. Take a file-based lock (#A) for the target ,v file. > No writes permitted, reads are permitted. > 2. Build the new version of the ,v in the temp space. > 3. Copy the new version to a different name in the target directory. > 4. Upgrade lock #A, no reads permitted now. > 5. unlink the old ,v file > (the kernel checks the directory permissions, not the file perms). > 6. rename the new file into place. > 7. Release lock #A.
What about creating a hook that checks if commited file is the one in question and fails the commit, if true? I don't know much about cvs hooks, however in svn it would be simple to setup.
