Re: Setting access control restrictions on folders

[Adrian Ho]

On Tue, Jun 28, 2005 at 05:10:22AM -0700, Raghukumar.c wrote:
> I am trying to restrict access to the modules inside the repository using
> the group/other mode permissions.The CVS Server is on a Linux machine and
> the client is TortoiseCVS/WinCVS. We have a pserver authentication set up.
> All the users log in with their own username/passwd but use a common system
> username. At present the umask value of the default user is 0002. I am
> trying to make this 0007. I tried using the CVSUMASK environment variable by
> declaring it in the profile file of the system username. This didnt work.

Because .profile is sourced only during login sessions.  Besides, *inetd
(or whatever inet superserver program you're using to host the CVS
pserver) doesn't spawn a shell to begin with, so I'd be very surprised
if it did work.

> I also tried with umask command. Even this failed. I always have my
> modules and the directories inside it created with 775 mode.

No surprise there either.  umask only affects child processes spawned
from the shell in which it was set.  Since your superserver doesn't
spawn a shell to begin with (blah blah blah).

> Initially I thought I was erring with the way I was setting umask but
> then I logged in as the system username and created directories/files,
> which worked fine.

Your initial thought was correct.

> Is there something that I am missing, or is it that CVSUMASK nor umask works
> in this scenario.

You're simply setting either/both in the wrong place.  Simply write a
wrapper script, something like:

#!/bin/sh
umask 0007
# or CVSUMASK=0007; export CVSUMASK
exec /path/to/cvs "$@"

and invoke this script instead of cvs in your inetd/whatever config file.

- Adrian