- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Perforce Public Depot: Decentralized Protect Daemon</title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
- <link rel="stylesheet" href="http://public.perforce.com/public/css/pure.css" type="text/css"/>
- <link rel="stylesheet" href="http://public.perforce.com/public/css/depot.css" type="text/css"/>
- </head>
- <body>
- <div id="outer">
- <div id="page-top"><!-- frames the logo and search -->
- <!-- logo -->
- <div id="logo">
- <a href="http://www.perforce.com"><img src="http://public.perforce.com/public/images/site_logo.gif" alt="Perforce Public Depot" width="219" height="50"/></a>
- </div>
- <div id="search"><!-- search section -->
- <form method="get" action="http://www.google.com/search">
- <div><!-- needed so invisible field will validate -->
- <input type="hidden" name="sitesearch" value="public.perforce.com"/>
- </div><!-- silly invisible field div -->
- <ul class="search-box">
- <li class="left"><input type="text" size="40" name="q" value="" class="search-form"/></li>
- <li class="middle"><input type="submit" value="Search" class="search-button"/></li>
- <li class="right" style="color: black;">Powered by Google</li>
- </ul>
- </form><!-- top navbar search form -->
- </div><!-- end search section -->
- </div>
- <!-- start site content -->
- <div id="main-body">
- <div id="content-outer">
- <div id="content">
- <!-- Content starts here -->
- <h1>The Perforce Decentralized Protect Daemon</h1>
- <!-- ABOUT THIS PROJECT -->
- <a name="about"></a>
- <h3>About This Project</h3>
- <dl class="project">
- <dt>Content</dt>
- <dd>
- <p>
- The Decentralized Protect Daemon allows regular Perforce users to manage the permissions
- for parts of the perforce depot without granting them super user access.
- Each user can recursively delegate part of his responsibility to other users.
- The super users don't need to spend much time managing the perforce permissions.
- </p>
- </dd>
- </dl>
- <!-- QUICKLINKS -->
- <div class="quickLinks">
- <ul>
- <li><a href="#about"><br/>About</a></li>
- <li><a href="#overview"><br/>Overview</a></li>
- <li><a href="#p4protectfile">p4.protect<br/>file</a></li>
- <li><a href="#masterprotectfile">master.protect<br/>file</a></li>
- <li><a href="#downloads"><br/>Downloads</a></li>
- <li><a href="#site">Project<br/>Background</a></li>
- </ul>
- </div>
- <a name="overview"></a>
- <h3>Overview</h3>
- <dl class="project">
- <dd><p>
- The Decentralized Protect Daemon reads the permissions from files which may be submitted anywhere
- in the depot. These files are named <code>p4.protect</code>.
- Each <code>p4.protect</code> file contains the local permissions for that directory and all its
- subdirectories. The daemon combines all these files into one list
- which it applies using <code>p4 protect -i</code>. </p>
- <p>A <code>p4.protect</code> file may only grant permissions using relative paths. The daemon uses
- the location of the <code>p4.protect</code> file to make the relative paths absolute.</p>
- <p>Any user that can edit a <code>p4.protect</code> file, may grant him or herself all permissions
- for that subtree (including <code>admin</code>). Therefore, write permissions for the
- <code>p4.protect</code> files must be given explicitly. It is not possible to grant super user access
- by editing a <code>p4.protect</code> file.</p>
- <p>Permissions set in one p4.protect file, can be overridden by another p4.protect file. This
- aspect heavily depends on the way Perforce protections are implemented. See
- <a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/04_protect.html#1047007">this
- section in Chapter 4</a> of the Perforce <a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/index.html">
- System Administrator's Guide</a> </p>
- <p>There's one special file: the <code>master.protect</code> file. It can be
- located anywhere in the depot (the exact location can be set in a configuration variable). Only the <code>master.protect</code> file may
- grant superuser privileges and may have absolute paths.
- </p>
- </dd>
- </dl>
- <a name="p4protectfile"></a>
- <h3>The p4.protect file</h3>
- <dl class="project">
- <dd><p>A <code>p4.protect</code> file consists of up to three sections.
- Each section starts with a section header followed by permission lines, which must be indented.
- The section header may not be indented. Comment lines start with a <code>#</code> (possibly indented).</p>
- <p>Example <code>p4.protect</code> file:</p>
- <table border="1" cellpadding="3" cellspacing="0">
- <caption></caption>
- <tr><td colspan="1" rowspan="7"><p><code>
- # Permissions for the Plonkels project
- <br/>default:
- <br/> read user emily * ...
- <br/> write group devgrp * ...
- <br/>enforce:
- <br/> write user * 195.3.24.0/24 -...
- <br/> write user joe * -intf/...
- <br/> write user lisag * -...
- <br/> write user lisag * doc/...
- <br/>protect:
- <br/> write user jim * p4.protect
- </code>
- </p></td></tr>
- </table>
- <p/>
- <p>The following sections are supported:</p>
- <ul>
- <li><strong>default:</strong> Permissions in this section may apply to all files except the
- <code>p4.protect</code> files. These permissions
- <em>may be overridden</em> by <code>p4.protect</code> files submitted in a subdirectory of the
- current directory.</li>
- <li><strong>enforce:</strong> Permissions in this section may apply
- to all files except the <code>p4.protect</code> files. These permissions <em>may
- override</em> the default section of this <code>p4.protect</code> and
- the default and enforce sections of <code>p4.protect</code> files submitted in a
- subdirectory of the current directory.</li>
- <li><strong>protect:</strong> Permissions in this section may only apply to <code>p4.protect</code>
- files, including the file containing this section. These permissions <em>may
- override</em> the protect sections of <code>p4.protect</code> files
- submitted in a subdirectory of the current directory.</li>
- </ul>
- <p>The syntax of a permission line is very similar to the Perforce syntax for permission lines.
- It uses the same five fields: Access Level, User/Group, Name, Host and Files.
- See <a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/04_protect.html#1059262">Chapter 4</a>
- of the Perforce <a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/index.html">System
- Administrator's Guide</a> for more details on these fields</p>
- <p>For <code>p4.protect</code> files the following restrictions apply:</p>
- <ul>
- <li>The Access Level cannot be <code>super</code>.</li>
- <li>The Files field cannot start with a slash ('<code>/</code>'), i.e. it must be a relative path.</li>
- </ul>
- </dd>
- </dl>
- <a name="masterprotectfile"></a>
- <h3>The master.protect file</h3>
- <dl class="project">
- <dd><p>The <code>master.protect</code> file has the same structure as the <code>p4.protect</code>
- file. It can be seen as the top-level <code>p4.protect</code> file. Its <code>enforce</code> and
- <code>protect</code>
- sections may override the permissions set in all <code>p4.protect</code> files.
- </p>
- <p>The restrictions to the Access Level and File fields do not apply to the
- <code>master.protect</code> file. Thus, this file is the only place where super users are
- defined. All Files fields must contain absolute paths.</p>
- </dd>
- </dl>
- <!-- DOWNLOADS -->
- <a name="downloads"></a>
- <h3>Downloads</h3>
- <dl class="Dwnload">
- <dd>
- <ul>
- <li>
- <em>todo</em></li>
- </ul>
- </dd>
- </dl>
- <!-- PROJECT BACKGROUND -->
- <a name="site"></a>
- <h3>Project Background</h3>
- <dl class="pbacksite">
- <dd>
- <p>The Decentralized Protect Daemon has been in use since 2003 at <a href="http://www.ortec.com">Ortec</a> in the Netherlands.
- It is developed and maintained by Servaas Goossens (s goossens at ortec dot n l)
- and published under the GNU GPL in february 2008.</p>
- </dd>
- </dl>
- <div class="hr-dotted"></div>
- <p class="stored-file">You're browsing a file stored as <code>$Id: //guest/servaas_goossens/decentprotect/index.html#2 $</code>
- </p>
- <!-- Content ends here -->
- </div><!-- id content -->
- </div><!-- id content-outer -->
- </div><!-- id main-body -->
- <!-- Copyright and bottom bar -->
- <div id="copyright">
- <p>The decentprotect script and the above documentation is Copyright © 2008 Servaas Goossens;<br/>
- See the file <a href="COPYING">COPYING</a> for license terms.<br/>
- All the rest is Copyright © 2008 Perforce</p>
- </div>
- </div>
- </body>
- </html>
| # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #2 | 6236 | Servaas Goossens | Filetype +k for index.html | 17 years ago | |
| #1 | 6235 | Servaas Goossens | Decentralized Protect Daemon: * Add index.html file (work in progress!) * Fix bug in comp...lain_to_submitter * Improve error reporting (use formatException()) * Make closemailport() more robust in case smtp server has already disconnected. « |
17 years ago |