After a fresh p4 install, you generally need to go through the following configuration steps:

1. Execute "p4 passwd" to set the administrator's password.

Initially the administrator account has no password, so if you try to log in at the very start you will certainly be told "You don't have permission for this operation." Once the password is set, p4 login works.

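2. Execute "p4 counter -f security 1" to set the security level.

The default security level is 0, which means users can be created and can log in without any password. This setting has four possible values: 0, 1, 2 and 3. I have attached a detailed explanation of each one below (1); choosing 1 is generally enough here.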

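3. A side note: if the previous step produces the message "You don't have permission for this operation.", it means some other user has already run "p4 protect". In other words, another user has already grabbed superuser rights and locked everyone else's permissions below superuser. The fix is simple: just delete the db.protect file in the Perforce installation directory. After that, the security protection is lifted.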

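4. Execute "p4 protect" to create the Protections Specification that enforces access control.

Now it is my turn to run "p4 protect", heh. Running it opens Notepad, and this time we get to write the Protections Specification ourselves. Look at the last two lines: if the table is newly created, p4 defines the current user as superuser and gives all other users write permission.

For example:

    super user administrator * //...
    write user * * //...

The first word is the permission being granted (I will attach a detailed explanation of all the permissions later (2)). The next field has two possible values, user or group, meaning whether the permission is assigned to a user or to a group. After that comes the user name or group name; if it is *, it means all users, which of course includes newly created users. If you save and close Notepad at this point, the basic configuration is complete. But one problem is still unsolved: anyone can freely create a user with write permission. That is what the next step is for.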

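5. Remember the line "write user * * //..." that the previous step automatically added to the Protections Specification by default? Heh, the user name position in it is taken by a * wildcard, which means all users, including newly created ones, have write permission. That of course lets anyone automatically create a nonexistent user and automatically obtain write permission. Here you only need to delete "write user * * //..." from the Protections Specification and then add permission entries for the other legitimate members one by one. If there are already too many people and adding them individually is too much trouble, you can add a group, assign the permission to that group, and then put all the members into that group. I have attached this approach below as well (3).

At this point my problem was basically solved. Now, when a p4 client tries to create a new user without authorization, it gets "You don't have permission for this operation." in response. What about the pile of junk users that had been added on my server before? Run "p4 users" to get the list and delete them one by one with "p4 user -d username". With superuser rights you can use the -f flag to force the deletion, like this: "p4 user -d -f username".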
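The check from step 5, as an added example that is not part of the original post: a small Python audit that parses a Protections Specification, reports every wildcard "user" entry, and confirms that a named super user remains. Both sample tables are constructed, and the group name all_users is illustrative.

```python
# Added example (not from the original post): flag protections entries that
# let auto-created accounts inherit access, as described in step 5.
KEYS = ("mode", "kind", "name", "host", "path")

# Constructed sample: the default table from step 4 plus one named user.
DEFAULT_SPEC = """\
# Perforce Protections Specification.
Protections:
    super user administrator * //...
    write user * * //...
    write user cfy00 * //...
"""

# Constructed sample: the table after step 5 (group name is illustrative).
HARDENED_SPEC = """\
Protections:
    super user administrator * //...
    write group all_users * //...
"""


def parse_protections(spec_text):
    """Parse the entries under 'Protections:' into one dict per line."""
    entries, in_table = [], False
    for lineno, raw in enumerate(spec_text.splitlines(), 1):
        line = raw.strip()
        if line == "Protections:":
            in_table = True
        elif in_table and line and not line.startswith("#"):
            fields = line.split(None, 4)  # the path is the fifth field
            if len(fields) != 5 or fields[1] not in ("user", "group"):
                raise ValueError(f"line {lineno}: malformed entry {line!r}")
            entries.append({"line": lineno, **dict(zip(KEYS, fields))})
    return entries


def audit(entries):
    """Return (line, message) findings; an empty list means no issues."""
    findings = [
        (e["line"], f"{e['mode']} granted to wildcard user {e['name']!r}")
        for e in entries
        if e["kind"] == "user" and "*" in e["name"]
    ]
    if not any(e["mode"] == "super" and e["kind"] == "user"
               and "*" not in e["name"] for e in entries):
        findings.append((0, "no named user holds super"))
    return findings
```

To audit a live server, pass the output of "p4 protect -o" to parse_protections instead of the constructed samples.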

 

Appendix:

(1)

-----------------------------------------------------------------------------

Server security levels

Perforce superusers can configure server-wide password usage
requirements, password strength enforcement, and supported
methods of user/server authentication by setting the security
counter. To change the security counter, issue the command:

    p4 counter -f security seclevel

where seclevel is 0, 1, 2, or 3. After setting the counter, stop
and restart the server.

Choosing a server security level

The default security level is 0: passwords are not required, and
password strength is not enforced.

To ensure that all users have passwords, use security level 1.
Users of old client programs can still enter weak passwords.

To ensure that all users have strong passwords, use security
level 2. Old Perforce software continues to work, but users of
old Perforce client software must change their password to a
strong password by using a Perforce client program at Release
2003.2 or above.

To require that all users have strong passwords, and to require
the use of session-based authentication, use security level 3 and
current Perforce client software.

Level 0 corresponds to pre-2003.2 server operation. Levels 1 and
2 were designed for support of legacy client software. Level 3
affords the highest degree of security.

The Perforce server security levels and their effects on the
behavior of Perforce client programs are defined below.

Security level  Server behavior
--------------  ---------------

0 (or unset)    Legacy support: passwords are not required. If
                passwords are used, password strength is not
                enforced.

                Users with passwords can use either their P4PASSWD
                setting or the p4 login command for ticket-based
                authentication.

                Users of old Perforce client programs are
                unaffected.

1               Strong passwords are required for users of
                post-2003.2 Perforce client programs, but existing
                passwords are not reset.

                Pre-2003.2 Perforce client programs can set
                passwords with p4 passwd or in the p4 user form,
                but password strength is not enforced.

                Users with passwords can use either their P4PASSWD
                setting or the p4 login command for ticket-based
                authentication.

2               All unverified strength passwords must be changed.

                Users of pre-2003.2 client programs cannot set
                passwords.

                Users of client programs at release 2003.2 or
                higher must use p4 passwd and enter their passwords
                at the prompt. Setting passwords with the p4 user
                form or the p4 passwd -O oldpass -P newpass command
                is prohibited.

                On Windows, passwords are no longer stored in (or
                read from) the registry. (Storing P4PASSWD as an
                environment variable is supported, but passwords
                set with p4 set P4PASSWD are ignored.)

                Users who have set strong passwords with a 2003.2
                or higher Perforce client program can use either
                their P4PASSWD setting for password-based
                authentication, or the p4 login command for
                ticket-based authentication.

3               All password-based authentication is rejected.

                Users must use ticket-based authentication
                (p4 login).

                If you have scripts that rely on passwords, use
                p4 login to create a ticket valid for the user
                running the script, or use p4 login -p to display
                the value of a ticket that can be passed to
                Perforce commands as though it were a password
                (that is, either from the command line, or by
                setting P4PASSWD to the value of the valid ticket).

Password strength

Certain combinations of server security level and Perforce client
software releases require users to set "strong" passwords. A
password is considered strong if it is at least eight characters
long, and at least two of the following are true:

    The password contains uppercase letters.
    The password contains lowercase letters.
    The password contains nonalphabetic characters.

For example, the passwords a1b2c3d4, A1B2C3D4, aBcDeFgH are
considered strong.

--------------------------------------------------------------------

(2)

--------------------------------------------------------------------

Disabling User Auto Creation

How do I disable automatically creating users?

Perforce's default behavior is to automatically create users if
they don't currently exist when they first log into Perforce,
until the server reaches the number of users determined by their
current license. A Perforce server administrator may want to
disable this feature to avoid unnecessarily creating user
accounts in Perforce.

DETAILS

You disable user auto-creation by removing all generic "user"
protections (user protections using the "*" wild card for the
user name) from your Perforce protections table and using
"groups" and individual users instead. In this example, the Perforce
administrator wants to give everyone write access to the depot
while keeping a specific "super" user account:

Save a list of all your users. Unix based systems or Windows
systems with Cygwin installed can use this command:

    p4 users | cut -d " " -f 1

This will create a list of user names you can cut and paste or
save to a file.

Create a group for all of your users:

    p4 group all_users

The group specification will open in your default editor.

Add the list of users to the "Users" field of the group
specification.

Save the group and quit the text editor.

Open your Perforce protections table:

    p4 protect

The protections table will open in your default editor.

Add a line to the protections table for the new group:

    write group * * //...

Delete the line that grants all users any access to the depot,
similar to:

    write user * * //...

Don't grant any permissions to all users ("user *"). Grant
permissions only to groups and individual users, and use
"group * " as a substitute for "user *".

--------------------------------------------------------------------

(3)

--------------------------------------------------------------------

# Perforce Protections Specification.
#
#  Each line contains a protection mode, a group/user indicator, the
#  group/user name, client host id and a depot file path pattern.
#  A user gets the highest privilege granted on any line.
#
#  Mode:        The permission being granted.  Each permission includes
#               all the permissions above it, except for 'review'.
#
#               list   - users can see names but not contents of files;
#                        users can see all non-file related metadata
#                        (clients, users, changelists, jobs, etc.)
#
#               read   - users can sync, diff, and print files
#
#               open   - users can add, edit, delete, and integrate files
#
#               write  - users can submit open files
#
#               super  - allows access to the 'p4 protect' command
#
#               review - allows access to the 'p4 review' command; implies
#                        read access
#
#  Group/User indicator: either 'group' or 'user'.
#
#  Name:        A Perforce group or user name; may be wildcarded.
#
#  Host:        The IP address of a client host; may be wildcarded.
#
#  Path:        The part of the depot being granted access.

Protections:
    super user fansy * //...
    write user line * //...
    write user cfy00 * //...
    super user administrator * //...
 
 
C:\Windows\System32>p4 help usage

    Perforce client usage:

    p4 [options] command [arg ...]
    p4 -V

        options:
            -b batchsize -c client -C charset -d dir -H host
            -I -G -L language -p port -P pass -r retries -s
            -Q charset -u user -x file -z tag

        The -b batchsize specifies a batch size (number of arguments) to
        use when processing a command from a file '-x' (default 128).

        The -c flag specifies the client name, overriding the value of
        $P4CLIENT in the environment and the default (the hostname).

        The -C flag specifies the client's character set, overriding the
        value of $P4CHARSET in the environment.  See 'p4 help charset'
        for more information.

        The -d flag specifies the current directory, overriding the value of
        $PWD in the environment and the default (the current directory).

        The -G flag formats all output (and batch input for form commands
        with -i) as marshalled Python dictionary objects.

        The -H flag specifies the host name, overriding the value of
        $P4HOST in the environment and the default (the hostname).

        The -I flag specifies that progress indicators, if available
        are desired.  Only 'p4 -I submit' and 'p4 -I sync -q' are
        supported.  This flag is not compatible with the -s, -e, -G options.

        The -L flag specifies the language for text messages from the
        server, overriding the value of $P4LANGUAGE in the environment.
        Setting this option only works if the administrator has loaded
        support for non-English messages into the server database.

        The -p flag specifies the server's listen address, overriding the
        value of $P4PORT in the environment and the default (perforce:1666).

        The -P flag specifies the password, overriding the value of
        $P4PASSWD in the environment.

        The -Q flag specifies the client's command character set,
        overriding the value of $P4COMMANDCHARSET in the environment.
        See 'p4 help charset' for more information.

        The -r flag specifies the number of times a sync command should be
        retried if the network times out (takes longer than N seconds to
        respond to a single I/O operation) during sync command execution.
        For example:
           p4 -r4 -vnet.maxwait=300 sync //...
        specifies to retry this 'sync' up to 4 times, should any single
        network operation take longer than 5 minutes to complete. The -r
        flag should not be used on a command which reads from stdin.

        The -s flag causes the p4 command line client program to prefix
        each line of output with a tag (error, warning, info, text, exit)
        to make it easier to use for scripting.

        The -u flag specifies the user name, overriding the value of
        $P4USER, $USER, and $USERNAME in the environment.

        The -x flag instructs p4 to read arguments, one per line, from the
        specified file.  If you specify '-', standard input is read.

        The -V flag displays the version of the p4 client command and exits.

        The -z tag option returns output of reporting commands in the
        format returned by 'p4 fstat'.