<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Perforce Public Depot: Decentralized Protect Daemon</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" href="http://public.perforce.com/public/css/pure.css" type="text/css"/>
<link rel="stylesheet" href="http://public.perforce.com/public/css/depot.css" type="text/css"/>
</head>
<body>
<div id="outer">
<div id="page-top"><!-- frames the logo and search -->
<!-- logo -->
<div id="logo">
<a href="http://www.perforce.com"><img src="http://public.perforce.com/public/images/site_logo.gif" alt="Perforce Public Depot" width="219" height="50"/></a>
</div>
<div id="search"><!-- search section -->
<form method="get" action="http://www.google.com/search">
<div><!-- needed so invisible field will validate -->
<input type="hidden" name="sitesearch" value="public.perforce.com"/>
</div><!-- silly invisible field div -->
<ul class="search-box">
<li class="left"><input type="text" size="40" name="q" value="" class="search-form"/></li>
<li class="middle"><input type="submit" value="Search" class="search-button"/></li>
<li class="right" style="color: black;">Powered by Google</li>
</ul>
</form><!-- top navbar search form -->
</div><!-- end search section -->
</div>
<!-- start site content -->
<div id="main-body">
<div id="content-outer">
<div id="content">
<!-- Content starts here -->
<h1>The Perforce Decentralized Protect Daemon</h1>
<!-- ABOUT THIS PROJECT -->
<a name="about"></a>
<h3>About This Project</h3>
<dl class="project">
<dt>Content</dt>
<dd>
<p>
The Decentralized Protect Daemon allows regular Perforce users to manage the permissions
for parts of the perforce depot without granting them super user access.
Each user can recursively delegate part of his responsibility to other users.
The super users don't need to spend much time managing the perforce permissions.
</p>
</dd>
</dl>
<!-- QUICKLINKS -->
<div class="quickLinks">
<ul>
<li><a href="#about"><br/>About</a></li>
<li><a href="#overview"><br/>Overview</a></li>
<li><a href="#p4protectfile">p4.protect<br/>file</a></li>
<li><a href="#masterprotectfile">master.protect<br/>file</a></li>
<li><a href="#downloads"><br/>Downloads</a></li>
<li><a href="#site">Project<br/>Background</a></li>
</ul>
</div>
<a name="overview"></a>
<h3>Overview</h3>
<dl class="project">
<dd><p>
The Decentralized Protect Daemon reads the permissions from files which may be submitted anywhere
in the depot. These files are named <code>p4.protect</code>.
Each <code>p4.protect</code> file contains the local permissions for that directory and all its
subdirectories. The daemon combines all these files into one list
which it applies using <code>p4 protect -i</code>. </p>
<p>A <code>p4.protect</code> file may only grant permissions using relative paths. The daemon uses
the location of the <code>p4.protect</code> file to make the relative paths absolute.</p>
<p>Any user that can edit a <code>p4.protect</code> file, may grant him or herself all permissions
for that subtree (including <code>admin</code>). Therefore, write permissions for the
<code>p4.protect</code> files must be given explicitly. It is not possible to grant super user access
by editing a <code>p4.protect</code> file.</p>
<p>Permissions set in one p4.protect file, can be overridden by another p4.protect file. This
aspect heavily depends on the way Perforce protections are implemented. See
<a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/04_protect.html#1047007">this
section in Chapter 4</a> of the Perforce <a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/index.html">
System Administrator's Guide</a> </p>
<p>There's one special file: the <code>master.protect</code> file. It can be
located anywhere in the depot (the exact location can be set in a configuration variable). Only the <code>master.protect</code> file may
grant superuser privileges and may have absolute paths.
</p>
</dd>
</dl>
<a name="p4protectfile"></a>
<h3>The p4.protect file</h3>
<dl class="project">
<dd><p>A <code>p4.protect</code> file consists of up to three sections.
Each section starts with a section header followed by permission lines, which must be indented.
The section header may not be indented. Comment lines start with a <code>#</code> (possibly indented).</p>
<p>Example <code>p4.protect</code> file:</p>
<table border="1" cellpadding="3" cellspacing="0">
<caption></caption>
<tr><td colspan="1" rowspan="7"><p><code>
# Permissions for the Plonkels project
<br/>default:
<br/> read user emily * ...
<br/> write group devgrp * ...
<br/>enforce:
<br/> write user * 195.3.24.0/24 -...
<br/> write user joe * -intf/...
<br/> write user lisag * -...
<br/> write user lisag * doc/...
<br/>protect:
<br/> write user jim * p4.protect
</code>
</p></td></tr>
</table>
<p/>
<p>The following sections are supported:</p>
<ul>
<li><strong>default:</strong> Permissions in this section may apply to all files except the
<code>p4.protect</code> files. These permissions
<em>may be overridden</em> by <code>p4.protect</code> files submitted in a subdirectory of the
current directory.</li>
<li><strong>enforce:</strong> Permissions in this section may apply
to all files except the <code>p4.protect</code> files. These permissions <em>may
override</em> the default section of this <code>p4.protect</code> and
the default and enforce sections of <code>p4.protect</code> files submitted in a
subdirectory of the current directory.</li>
<li><strong>protect:</strong> Permissions in this section may only apply to <code>p4.protect</code>
files, including the file containing this section. These permissions <em>may
override</em> the protect sections of <code>p4.protect</code> files
submitted in a subdirectory of the current directory.</li>
</ul>
<p>The syntax of a permission line is very similar to the Perforce syntax for permission lines.
It uses the same five fields: Access Level, User/Group, Name, Host and Files.
See <a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/04_protect.html#1059262">Chapter 4</a>
of the Perforce <a href="http://www.perforce.com/perforce/doc.073/manuals/p4sag/index.html">System
Administrator's Guide</a> for more details on these fields</p>
<p>For <code>p4.protect</code> files the following restrictions apply:</p>
<ul>
<li>The Access Level cannot be <code>super</code>.</li>
<li>The Files field cannot start with a slash ('<code>/</code>'), i.e. it must be a relative path.</li>
</ul>
</dd>
</dl>
<a name="masterprotectfile"></a>
<h3>The master.protect file</h3>
<dl class="project">
<dd><p>The <code>master.protect</code> file has the same structure as the <code>p4.protect</code>
file. It can be seen as the top-level <code>p4.protect</code> file. Its <code>enforce</code> and
<code>protect</code>
sections may override the permissions set in all <code>p4.protect</code> files.
</p>
<p>The restrictions to the Access Level and File fields do not apply to the
<code>master.protect</code> file. Thus, this file is the only place where super users are
defined. All Files fields must contain absolute paths.</p>
</dd>
</dl>
<!-- DOWNLOADS -->
<a name="downloads"></a>
<h3>Downloads</h3>
<dl class="Dwnload">
<dd>
<ul>
<li>
<em>todo</em></li>
</ul>
</dd>
</dl>
<!-- PROJECT BACKGROUND -->
<a name="site"></a>
<h3>Project Background</h3>
<dl class="pbacksite">
<dd>
<p>The Decentralized Protect Daemon has been in use since 2003 at <a href="http://www.ortec.com">Ortec</a> in the Netherlands.
It is developed and maintained by Servaas Goossens (s goossens at ortec dot n l)
and published under the GNU GPL in february 2008.</p>
</dd>
</dl>
<div class="hr-dotted"></div>
<p class="stored-file">You're browsing a file stored as <code>$Id: //guest/servaas_goossens/decentprotect/index.html#2 $</code>
</p>
<!-- Content ends here -->
</div><!-- id content -->
</div><!-- id content-outer -->
</div><!-- id main-body -->
<!-- Copyright and bottom bar -->
<div id="copyright">
<p>The decentprotect script and the above documentation is Copyright © 2008 Servaas Goossens;<br/>
See the file <a href="COPYING">COPYING</a> for license terms.<br/>
All the rest is Copyright © 2008 Perforce</p>
</div>
</div>
</body>
</html>
| # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #2 | 6236 | Servaas Goossens | Filetype +k for index.html | ||
| #1 | 6235 | Servaas Goossens |
Decentralized Protect Daemon: * Add index.html file (work in progress!) * Fix bug in complain_to_submitter * Improve error reporting (use formatException()) * Make closemailport() more robust in case smtp server has already disconnected. |