[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Right Permissons !?
From: |
Eric Siegerman |
Subject: |
Re: Right Permissons !? |
Date: |
Wed, 26 Sep 2001 15:36:32 -0400 |
User-agent: |
Mutt/1.2.5i |
On Wed, Sep 26, 2001 at 01:17:08PM +0100, Andrew McGhee wrote:
> -----Original Message-----
> > From: raptor [mailto:address@hidden
> > Sent: 26 September 2001 09:45
> >
> > I made group developers and set CVS repository so that this group has RW
> > access, but when the user commits it changes the owner/group to his i.e.
> > doesn't preserve "developrs" group on file !!!
>
> I think you'll find you need to do a "chmod -R g+s <module name>" to keep
> the group setting sticky.
DO NOT USE THIS COMMAND AS GIVEN! It could open up a security
hole!
If you need to set g+s (see below to help you decide), you should
only set it on the directories, NOT on the files. To do that:
find $CVSROOT -type d -print | xargs chmod g+s
Think first about your desired security policy. That will affect
whether to set g+s on on the entire repo or just selected parts.
(If normal users aren't supposed to be able to edit the admin
files in $CVSROOT/CVSROOT, you can either not set g+s on that
directory, or set the flag and put the directory in a different
group).
Whether g+s will help in the first place depends on the server's
flavour of Unix. SysV variants typically need it (including
Solaris, and maybe Linux but I'm not sure); BSD variants
typically don't. On SysV systems, setting g+s on directory D
tells the system to propagate D's group to any files or
subdirectories created under D (and to set g+s on subdirectories
-- but not on files -- so that this propagation will recursively
happen to sub-subdirectories). BSD systems typically propagate
group membership this way all the time; you can't turn it off, so
you don't need to worry about turning it on :-)
--
| | /\
|-_|/ > Eric Siegerman, Toronto, Ont. address@hidden
| | /
The world has been attacked. The world must respond ... [but] we must
be guided by a commitment to do what works in the long run, not by what
makes us feel better in the short run.
- Jean Chrétien, Prime Minister of Canada
- Right Permissons !?, raptor, 2001/09/26
- RE: Right Permissons !?, Andrew McGhee, 2001/09/26
- Re: Right Permissons !?,
Eric Siegerman <=
- RE: Right Permissons !?, Andrew McGhee, 2001/09/27
- Re: Right Permissons !?, Chris Barker, 2001/09/27
- Re: Right Permissons !?, Larry Jones, 2001/09/27
- Re: Right Permissons !?, Chris Barker, 2001/09/27
- Re: Right Permissons !?, Greg A. Woods, 2001/09/27
- Re: Right Permissons !?, Chris Barker, 2001/09/28
- Getting file comment info?, Mark Jaffe, 2001/09/28
- Re: Getting file comment info?, Matt Riechers, 2001/09/28
- Re: Getting file comment info?, Paul Sander, 2001/09/30
- Re: Getting file comment info?, Larry Jones, 2001/09/28