Re: Remote repository permissions best practices

[Doug Lee]

On Mon, Mar 28, 2005 at 04:05:51PM -0500, Todd Denniston wrote:
> Todd Denniston wrote:
> > 
> > "Howard, Les" wrote:
> > >
> > > I've hacked my way through setting up a few CVS repositories in the past,
> > > but I've always struggled with getting the user/group ownership and file
> > > permissions correct.  I always seem to end up with a setup where the users
> > > can't access the files that other users have submitted without going into
> > > the repository as root and chmod/chowning some of the files.
> <SNIP>
> > 1) all the users who need write access to the repository should be in the
> > same UNIX group.
> > 2) after doing `cvs init` you need to chmod g+sw the repository project
> > directory, i.e.,
> > `chown :projectUNIXgroup $CVSROOT/project/; \
> > chmod g+sw $CVSROOT/project/`
> BTW, as you currently have a repo, you may need to walk the whole existing
> repository tree and do something like:
> (assuming no spaces in your directory names, and you use this at your own
> risk)
> cd $CVSROOT/
> chown :projectUNIXgroup project/
> chmod g+sw project/
> for i in `find project -type d`
> do
>  chown :projectUNIXgroup $i
>  chmod g+sw $i
> done

What's the matter with

        cd $CVSROOT
        chown -R :projectUNIXgroup .
        chmod -R g+sw .

assuming constant :projectUNIXgroup and no need for different
permissions anywhere under $CVSROOT.  I wonder in particular if a
subsequent reset of owner/perms in $CVSROOT/CVSROOT would be in order.

I think -R is standard for both chown and chmod now, but a couple of
 `man' checks on the target system wouldn't hurt.-- 

-- 
Doug Lee           address@hidden        http://www.dlee.org
Bartimaeus Group   address@hidden   http://www.bartsite.com
"Innovation is hard to schedule." -- Dan Fylstra