CVS Permission Questions

[Michaelis, Daniel]

Folks,

 

I'm COMPLETELY new to CVS, and am assisting the CVS administrator configure the tool on a Linux server.  I've got a cursory understanding of the CVSROOT directory structure; my question is one of permissions.  I realize that this has probably been addressed in the past, but reading through the archives, I've not found, or not understood the resolution here.

 

My understanding is that I ought to set up an account for a ${CVSADMIN} user, and create a ${CVS} group.  In the ${CVSROOT}/CVSROOT directory, all files should be owned by ${CVSADMIN}, and have very restricted permissions.  My question comes from the remainder of the tree.  If I've got users User1, User2, and User3, all using this repository, I want to make sure that none of these users either accidentally or maliciously destroy or damage the entire CVS tree.  My understanding is that User1, User2, and User3 must all belong to the ${CVS} group in order for things to work properly.  If the permission scheme for the ${CVSROOT} directories looks as follows:

 

 

                           config-files (${CVSADMIN}:750) (640)

                         /                                                                                 ----file2 (User2:700)

                        /                                                                                /

              CVSROOT (${CVSADMIN}:700)           bin (${CVSADMIN}:770) ----- file1 (User1:700)

             /                                                       /

            /                                                       /

${CVSROOT} (${CVSADMIN}:755) ----- ProjectDir1 (${CVSADMIN}: 770)

                        \

                         \

                          ProjectDir2 (${CVSADMIN}: 770)

 

there doesn't seem to be anything that prevents User1 from going into the ProjectDir1/bin directory and removing file2 (which is owned by User2).  The directory permissions don't allow User1 to MOFIDY file2, but they do allow him to REMOVE file2, if he uses the force option on the rm command.  Alternatively, if I set file permissions for the directories to be 700 rather than 770, then neither User1 nor User2 can work with CVS.  

 

I've kludged a solution, which is to set the setuid flag on the cvs executable, but I've seen a number of posts that indicate that isn't a wise move, and I've now got some problems with the update and status command from remote machines, saying that the directories don't exist (interestingly enough, I can check in and update files, but I can't do the same with directories).  The exact error is:

 

            cvs server:  ignoring ${PROJECTDIR1} (CVS/Repository missing)

 

where ${PROJECTDIR1} is the name of the directory that I'm trying to update.

 

Given the background presented here:

 

1. Is it the design of CVS that any user that needs to check in/out files must have read/write permission on all of the directories into which he/she can check in files (meaning that he/she has remove permission at the O/S level within these directories)? If so, I'll stop trying to solve this problem.
2. Are my (CVS/Repository missing) messages related to the setuid that I've done on the cvs executable?
3. If the previous is true, is that because setuid is truly not supported for the cvs executable, or is it something that I've misconfigured?
4. If there is a way to prevent destruction of files, and it is not through setuid, what is the method by which I would accomplish this?

 

Any or all recommendations/solutions would be appreciated.  

 

Thanks.

 

 

Dan Michaelis

 

Database Administrator/Developer

eOriginal

351 West Camden Street

Suite 800

Baltimore, MD 21201

 

410.625.5187 (phone)

410.659.9799 (fax)