For all access methods except pserver, CVS relies exclusively on the filesystem to manage permissions. Each user must have a username on the repository server, and must have write access to every directory that contains files they will need to commit.

You can control permissions only at a directory level. If a user will need to commit to any file in a directory, she needs read and write access to the whole directory.

Once, I was working on a project where I had to connect to the repository server through an intermediate proxy server. We kept getting permission errors and eventually tracked it to the intermediary. We all had membership in the col group on the client and repository servers, but not on the intermediary. As files passed through the intermediate server, their group membership information was lost, so they were saved in the repository with no group ownership. We corrected this by setting the repository directories’ SGID flags on the repository server.

The history and val-tags files in the repository’s CVSROOT directory must be writable to all CVS users. The history file can be removed if none of your users use the cvs history command.