[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problem with admin privileges
From: |
Mark D. Baushke |
Subject: |
Re: Problem with admin privileges |
Date: |
Sat, 02 Jul 2005 16:34:46 -0700 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Julian Opificius <address@hidden> writes:
> Mark D. Baushke wrote:
>
> >>The only problem now is that if a cvsadmin user introduces a directory
> >>into the cvs repository using "add", the directory is owned by him, not
> >>by the global cvs user, and nobody else can check into/out of that
> >>directory.
> >>
> >>How do I automatically force new directories created by the cvs server
> >>to be owned by the global cvs user, rather than the effective user?
> >
> >
> > This is the wrong question.
> >
> why is that? Maybe I should be talking group here not owner?
Why are new files and directories being created with the wrong group
on the server? Read: https://ccvs.cvshome.org/fom//cache/33.html
See also the paragraph of section '2.2.2 File permissions' of the manual:
https://www.cvshome.org/docs/manual/cvs-1.11.20/cvs_2.html#SEC13
> > You could have the directories all be in a 'cvs' group and use
> >
> > find $CVSROOT -type d -exec chgrp cvs g+s {} \;
Sorry about the typo.
: all the groups should be owned by group cvs
find $CVSROOT -type d -exec chgrp cvs {} \;
: all the group members should be able to write to it
find $CVSROOT -type d -exec chmod g+rwxs {} \;
> > find $CVSROOT -type d -exec chmod g+s {} \;
> >
> > The cvs user could belong to this group 'cvs' as well as your admin
> > users. New files and directories created will inherit the groupid of the
> > parent directory. A crontab job could go thru and change the ownership
> > of the files and directories in the tree to that of the 'cvs' user on a
> > periodic basis as additional cleanup if desired.
> >
>
> g+s is not a valid arg for chgrp. what did you really mean here?
Oops, that was a typo... sorry about that.
> my admin users do already belong to the cvs group, as do all the
> repository directories.
> I think what you're effectively saying here is that by setting sticky
> on the directories, then new directories are created group cvs, and
> owner is not important. Is that right?
Yes.
This is true for GNU/Linux, AIX, and Solaris.
The g+s bit is not needed for FreeBSD or NetBSD which has this behavior
by default.
See also 'Creating a cvs repository with pserver authentication'
http://www.korayguclu.de/index.php?&file=linux.cvs.pserver.xml
Enjoy!
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFCxySW3x41pRYZE/gRAotPAKCy9ittECD0XWxhvMnmjeSOxTKungCgkaNi
N9BSSqGJpnQiSrFHZb5y9q0=
=hpPV
-----END PGP SIGNATURE-----