|
From: | Dustin Cavanaugh |
Subject: | Re: CVS import and file permissions |
Date: | Wed, 19 Dec 2001 08:26:06 -0800 |
> So, is it necessary to chgrp to "cvs" every new project that I add to the > repository? It's not necessary if you set your repository up correctly. My repository has the following permissions: $> ls -ld /var/cvs drwxrwsr-x 16 root cvs 4096 Dec 19 15:34 /var/cvs The g+s bit ensures that files created retain the group 'cvs'. ie: $> ls -l /var/cvs drwxrwsr-x 4 crafterm cvs 4096 Dec 4 12:57 project1 drwxrwsr-x 4 crafterm cvs 4096 Dec 1 14:43 project2 drwxrwsr-x 4 crafterm cvs 4096 Dec 3 17:51 project3 Anyone in the cvs group should then have sufficient permissions to access/modify these files. Hope that helps. Cheers, Marcus
As a follow-up to what Marcus said, the key is setting the setgid bit. But I also notice that you appear to be running CVS as root. Better to run cvs as an ordinary user and create wrappers for specific functions. I don't know of any exploits using cvs but I'm certainly not going to volunteer my system as a guinea pig! ;)
Please notice that Marcus has created another user, "crafterm", to be the owner of the repository and cvs runs under that id. The group, "cvs" should be stand-alone associated with cvs functions and repositories and nothing else.
[Prev in Thread] | Current Thread | [Next in Thread] |