2021-11-21 15:33 AEST by Arthur Barrett - also see. bug 7586 (acl documentation)

admin users always imply 'control' privilege.

If a customer wants to allow users to deny admin any access, then this is not possible.

I propose than an enhanced aclmode be available for customers who require this.

Of course a Windows Administrator could always manipulate the files in the repository to grant access - but 
this is outside the scope of CVSNT security.

2021-11-23 19:21 AEST by Arthur Barrett - A customer suggest:

A suggestion (maybe useful?) would be to provide an 'aclmode' that was the same as 'normal' except 
*ownership* by default was always inherited (and if the top-level ownership was initially set to an admin user 
all subsequent directory/file ownership would assume the same). This would allow for complete control of 
ownership/ACLs to be limited to 'admin' users only.

2021-11-23 19:23 AEST by Arthur Barrett - An advantage of the approach suggested by the customer is that it's not incompatible with perfect secrecy.

ie: the customer could set the root ownership to user1 and admin would NOT have control access.

The simplest method of implementing this repository wide, would be with a single defined user for the 
repository and changing the 'owner_or_admin()' check with one that uses a fixed username (from 
CVSROOT/config)