info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS import and file permissions


From: Dustin Cavanaugh
Subject: Re: CVS import and file permissions
Date: Wed, 19 Dec 2001 08:26:06 -0800

> So, is it necessary to chgrp to "cvs" every new project that I add to the
> repository?

        It's not necessary if you set your repository up correctly. My
        repository has the following permissions:

$> ls -ld /var/cvs
drwxrwsr-x   16 root     cvs          4096 Dec 19 15:34 /var/cvs

        The g+s bit ensures that files created retain the group 'cvs'.
        ie:

$> ls -l /var/cvs
drwxrwsr-x    4 crafterm cvs          4096 Dec  4 12:57 project1
drwxrwsr-x    4 crafterm cvs          4096 Dec  1 14:43 project2
drwxrwsr-x    4 crafterm cvs          4096 Dec  3 17:51 project3

        Anyone in the cvs group should then have sufficient permissions to
        access/modify these files.

        Hope that helps.

        Cheers,

        Marcus

As a follow-up to what Marcus said, the key is setting the setgid bit. But I also notice that you appear to be running CVS as root. Better to run cvs as an ordinary user and create wrappers for specific functions. I don't know of any exploits using cvs but I'm certainly not going to volunteer my system as a guinea pig! ;)

Please notice that Marcus has created another user, "crafterm", to be the owner of the repository and cvs runs under that id. The group, "cvs" should be stand-alone associated with cvs functions and repositories and nothing else.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]