Permissions, groups, etc

[Kevin Duffey]

Hey all,

I am trying to understand the various intracacies with
users, permissions, groups and control of a
repository.

I have done the usual in initing a repository, setting
a "cvs" group as the owner of the initial repository
directory. I read that a "cvsadmin" group should be
the only accessible to the CVSROOT dir in a
repository, so I created a cvsadmin group, made it the
owner of the CVSROOT dir (via chgrp). Now, oddly, any
user in the cvs group is still able to CD into the
CVSROOT and see it. I basically want to only allow
cvsadmin users to be able to do anything with that
dir. Any ideas on this? I thought by making the
cvsadmin group the owner of the dir with owner and
group settings at rwx, but world set at --- would
prevent any group other than users in cvsadmin group
from accessing it. IS this not the case? Do I need to
block off the group permission for execute to avoid
them changing into it?

Also, is their the notion of "parent" groups. That is,
ALL of our users will access the cvs repository, so
they will be in the cvs group. But besides that, we
want to put specific users in some groups that have
read/write to various projects but only read access to
other projects. If the cvs group owns all repository
dirs with a rwxrwx--- permission set on all dirs/files
(initially) in the repository, how do we allow users
of the cvs group to also be users of other groups that
have read/write in some modules, and read-only in
others? I understand permissions a bit, but am no
expert with linux or cvs, so I am trying to figure out
how to build a security architecture for our
repository.

Thanks.



__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com