[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: File permissions

From: Tobias Brox
Subject: Re: File permissions
Date: Wed, 26 Sep 2001 01:48:46 +0400
User-agent: Mutt/1.0.1i

[Matt Riechers - Tue at 02:47:48PM -0400]
> On the same thought, you could also create a seperate repository just for 
> admin
> files, readable only by root.

Just what I ment ... though ... I probably didn't express myself clearly

The problem is that, among a lot of "public" files (mode 644), there is some
few secret files (mode 600).  "cvs add" will silently ignore any file
permissions and make the ,v-file world readable (mode 444).

I can think of four solutions to the problem:

1. Keep files that need to be available to the public and files that should
be kept secret in separate repositories, and restrict read/execute
permissions to the "secret" $CVSROOT.  Works well for my case, anyway - but
certainly not recommended if there are both public and secret files in the
same directory.

2. Keep the secret files away from the CVS repository, they don't belong
there anyway. 

3. Add and commit an empty file with the same filename as the secret file,
and set the right permissions at the ,v-file before committing the real
secret file.  I can certainly do that, but I don't expect just any cvs user
to do the same.

4. Hack cvs, so that it automaticly creates new ,v-files respecting the
restricted mode of the original file if some command line option is given.
Eventually let cvs warn if it makes a repository file that is more readable
than the work file.

It is the last point I really want comments on - is it a smart thing to do,
or not? 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]