This a two days work for a new ACL implementation for CVS. It is conceptually based on the dev-access patch which can be found here.

Actually, that patch works only with 1.10.x version, so I started to develop a new acl implementation, because I really need an ACL system for CVS in the company I work :)...

This is alpha code which lacks many functionalities (eg, you have to edit the acl directly on the repository server).

It is only tested on Linux, so I don't know its behaviour on other systems.


Retrieve the 1.11.9 release of CVS from and unpack it.

Retrieve the YACLCVS patch archive from SourceForge and unpack it.

Change to the root directory of the CVS project and apply the patch as below:

    patch -p0 < ../cvs-1.11.9-yacl-0.1/cvs-1.11.9-yacl-0.1.patch

Next, do a

    make -f Makefile.acl

in order to regenerate the Makefiles. Do a

    configure && make && make install

and you're in business...


The acl files are located in the repository, in each directory must be protected. The acls are inherited from the parent directory if no rule file is found in the current one.

The search process stops on the $CVSROOT, and acls are disabled if no acl file is found.

The owner of a directory is kept in .#owner file; the acl rules are kept in .#acces file.

The acl file have the following format (one line for rule):


To represent the don't care rule, you may use a wildcard (*).

The EXTRA_COMMAND field works for add and watch; for add you may specify file or dir; for watch, the on and off values are permitted (somebody turned off the watches on a project, so nobody received any notification)...

The RESOURCE_NAME field is used if someone wants to protect a file.

The file is parsed line by line until a match is found; in this case the operation is allowed.

This is the .#acces file I use on my repository for this project:


...and, of course, the .#owner file looks like this:



A LOT!!!