info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with admin privileges

From: Mark D. Baushke
Subject: Re: Problem with admin privileges
Date: Sat, 02 Jul 2005 16:34:46 -0700 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Opificius <address@hidden> writes:

> Mark D. Baushke wrote:
> 
> >>The only problem now is that if a cvsadmin user introduces a directory 
> >>into the cvs repository using "add", the directory is owned by him, not 
> >>by the global cvs user, and nobody else can check into/out of that 
> >>directory.
> >>
> >>How do I automatically force new directories created by the cvs server 
> >>to be owned by the global cvs user, rather than the effective user? 
> > 
> > 
> > This is the wrong question.
> > 
> why is that? Maybe I should be talking group here not owner?

  Why are new files and directories being created with the wrong group
  on the server? Read: https://ccvs.cvshome.org/fom//cache/33.html

See also the paragraph of section '2.2.2 File permissions' of the manual:
https://www.cvshome.org/docs/manual/cvs-1.11.20/cvs_2.html#SEC13

> > You could have the directories all be in a 'cvs' group and use 
> > 
> >   find $CVSROOT -type d -exec chgrp cvs g+s {} \;

Sorry about the typo.

   : all the groups should be owned by group cvs
   find $CVSROOT -type d -exec chgrp cvs {} \;

   : all the group members should be able to write to it
   find $CVSROOT -type d -exec chmod g+rwxs {} \;

> >   find $CVSROOT -type d -exec chmod g+s {} \;
> > 
> > The cvs user could belong to this group 'cvs' as well as your admin
> > users. New files and directories created will inherit the groupid of the
> > parent directory. A crontab job could go thru and change the ownership
> > of the files and directories in the tree to that of the 'cvs' user on a
> > periodic basis as additional cleanup if desired.
> > 
> 
> g+s is not a valid arg for chgrp. what did you really mean here?

Oops, that was a typo... sorry about that.

> my admin users do already belong to the cvs group, as do all the 
> repository directories.

> I think what you're effectively saying here is that by setting sticky
> on the directories, then new directories are created group cvs, and
> owner is not important. Is that right?

Yes.

This is true for GNU/Linux, AIX, and Solaris. 

The g+s bit is not needed for FreeBSD or NetBSD which has this behavior
by default.

See also 'Creating a cvs repository with pserver authentication'
http://www.korayguclu.de/index.php?&file=linux.cvs.pserver.xml

        Enjoy!
        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFCxySW3x41pRYZE/gRAotPAKCy9ittECD0XWxhvMnmjeSOxTKungCgkaNi
N9BSSqGJpnQiSrFHZb5y9q0=
=hpPV
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]