Re: set group id not taking effect?

[Mark D. Baushke]

Paul Edwards <kerravon@nosppaam.w3.to> writes:

> My repository is under a particular unix group, say groupa.
> 
> I have a user who is not in groupa.
> 
> No problem, I just did a chmod g+s cvs
> 
> and asked them to try again.
> 
> Nope, it fails because $CVSROOT/CVSROOT is not writable.
> Indeed, it is not world writable, but I expected the setgid to take
> care of that.

The $CVSROOT/CVSROOT directory is group "cvs" and had g+rwxs permissions
and your OS honors g+s directory permissions and the OS allows g+s
executables to be honored from the mounted directory?

> 
> Sun Solaris.
> CVS 1.11.6

Yes, solaris UFS directories may use g+rwxs permissions. Although I
believe it is possible for NFS to disable that support. I would hope
your repository is not NFS mounted.

> 
> the executable is in a directory that is allowed to have setuid,

Good.

> although I just realised I didn't specifically check if setgid was
> allowed or not.  Certainly the bit was set, but I didn't think of
> checking /etc/mnttab until just now.  Any ideas?

If you want to have cvs run setgid as group cvs, you may want to
consider adding a '#define SETXID_SUPPORT 1' to your config.h file so
that things like running $EDITOR do not give your users a shell with the
egid of the cvs group. However, that can wait until you have things
working in the first place.

In the past, I have used a set-gid cvs executable with no problems. I
believe it should still work with cvs 1.11.6, but I have not actually
tried it.

        -- Mark