Re: Administrative database file protection problem

[Eric Siegerman]

On Tue, Dec 18, 2001 at 09:35:32AM -0800, Dustin Cavanaugh wrote:
> My repository is on unix (Sun); the owner is "cvs" and the group is "cvs". 
>
> Whenever a user changes one of the Administrative database files, cvs 
> complains of Permission denied. Users (developers) are members of the cvs 
> group (though its not their primary group).

Do the repository directories, and specifically $CVSROOT/CVSROOT,
have the setgid bit set?  On Solaris, you need that in order for
newly created files to inherit their group from the parent
directory.  See chmod(2), and the discussion of O_CREAT in
open(2).

Another possibility is that you're NFS-mounting the repo (which
is a bad idea in any case! -- there are numerous reports of
repo-corruption problems over NFS), and the users are in more
groups than NFS supports.  If so, the NFS server never sees that
the user is in the "cvs" group, even though the NFS client does.

> I notice that when the database is rebuilt (either by commit or init), all 
> the database file protections are reset to -r--r--r--.

Shouldn't be a problem, if the group memberships are correct.

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
One ring to rule the mall
        - Movie review headline, eye Magazine