
Re: [Gnu-arch-users] Re: Linus


From: Miles Bader
Subject: Re: [Gnu-arch-users] Re: Linus
Date: Mon, 13 Oct 2003 08:36:31 -0400
User-agent: Mutt/1.3.28i

On Mon, Oct 13, 2003 at 08:15:07AM -0400, Colin Walters wrote:
> > Since you're pushing for the copy-permissions hack, what does that solve?
> > It (1) avoids the need to set the umask specially on login, and (2) allows
> > different branches(&c) to use different permission bits.
> 
> 3) Would work for both sftp:// and file:// transports

Right, but it's not necessary for this.

> 4) Is extremely familiar to users of CVS and just Unix in general in
> that it's based simply on filesystem permissions

Ditto.

> And most importantly:
> 
> 5) Generally doesn't require system administrator intervention.  The
> user can resolve pretty much any situation they can get themselves
> into.  That's probably not going to be the case if the sysadmin has to
> edit some centralized ssh subsystem script or whatever to change
> permissions.

I don't think there's any suggestion to do that, merely to use a ssh
subsystem script to _fix_ the umask with appropriately loose permissions, so
they don't get in the way.  That would be a one-time thing, done only when
arch support is initially enabled on savannah (and the same script could be
used by _all_ sftp access to savannah).

> > (2) Is only useful if you have some access-control problem that can't be
> >     solved by changing a file's group-id, which seems true only if you need
> >     to enforce certain types of access control, but which as far as I can
> >     see is _not_ needed to enforce the typical sort of control needed on
> >     e.g. savannah.
> 
> Presently you can't solve this just with a groupid because tla doesn't
> copy the permissions!

Why do you need to copy the permissions?  As long as your umask is correct
(002), the default (rwxrwsr-x) should be good enough to allow groups to be
used to control access (and groups _are_ correctly propagated).

See my other longish reply for more detail.

> > (1) Is useful even for cases where you use a single global file
> >     permission (perhaps with multiple gids), because it avoids any
> >     problems with setting the umask in the sftp server/local user's
> >     environment.  Is the only issue then?
> 
> No, see above.

Right, please reconsider this in light of what I said above.

-Miles
-- 
I'm beginning to think that life is just one long Yoko Ono album; no rhyme
or reason, just a lot of incoherent shrieks and then it's over.  --Ian Wolff
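
The umask point made in the message above can be checked locally. The following is an added example, not part of the original post or of tla: it creates a setgid, group-writable directory in a temporary location (a constructed stand-in for an archive directory) and reports the modes a new subdirectory and file receive under umask 002 and 022.

```shell
#!/bin/sh
# Added example: how the umask decides whether entries created inside a
# setgid directory stay group-writable. All paths are constructed temp dirs;
# "branch" and "file" are hypothetical stand-ins for archive contents.

# new_modes UMASK
# Prints "<subdir mode> <file mode>" for entries created under a fresh
# setgid parent (mode 2775, i.e. rwxrwsr-x) with the given umask.
new_modes() {
    (
        parent=$(mktemp -d) || exit 1
        trap 'rm -rf "$parent"' EXIT
        chmod 2775 "$parent"        # setgid + group-writable parent
        umask "$1"                  # confined to this subshell
        mkdir "$parent/branch"      # new directory created by a writer
        : > "$parent/branch/file"   # new file created by a writer
        # First 10 characters of ls output are the type and mode bits;
        # cutting there drops any trailing ACL/SELinux marker.
        d=$(ls -ld "$parent/branch" | cut -c1-10)
        f=$(ls -l "$parent/branch/file" | cut -c1-10)
        printf '%s %s\n' "$d" "$f"
    )
}

# With 002 the group keeps write access and the setgid bit is inherited,
# so other members of the group can keep adding to the tree. With 022 the
# setgid bit is still inherited but group write is masked off.
for m in 002 022; do
    printf 'umask %s: %s\n' "$m" "$(new_modes "$m")"
done
```

The setgid inheritance shown here is Linux behaviour for directories created inside a setgid parent; the group of the new entries follows the parent directory.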



