On a system with fairly up to date netbsd-1-6 (but pre 12/17), I found
that a user fred in group lusers was unable to do cvs to a repository
where both the root of the repo and CVSROOT were mode 770, user jane
group lusers.  This used to work, and should.

The problem was that cvs was checking for permission to read CVSROOT
to find CVSROOT/config, and was using a homegrown lame excuse for
access(2), and checked if the euid matched the directory user, or if
the egid matched the group.  It neglected to check the additional
groups.

Shortly after finding this problem late last week, it popped up on
another unrelated netbsd-1-6 machine today.

I see that 1.11.10 has been pulled up to netbsd-1-6, and that appears
to use access(2) for this check.

-- 
        Greg Troxel <gdt@ir.bbn.com>