[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SETXID_SUPPORT
From: |
Moises Zanabria |
Subject: |
Re: SETXID_SUPPORT |
Date: |
Thu, 25 Apr 2002 10:24:35 -0500 |
sorry for delay in replay , but I was looking into this, I tried with
cvs.1.11.2 but same result :
Larry Jones wrote:
>You don't say what platform you're running on, but assuming it's Unix-like
Yes it's, is a Unix, Hp11
>If it does, then you probably have a link problem; if not, it's probably a
problem with your changes.
The only change that I made according with the INTALL manual was:
14. How about using groups and setgid() then?
Here is a way to run CVS setgid in some environments:
Stick this near the front of the main() in main.c:
setgid(getegid());
This will allow "access" to work on systems where it only works on the
real gid.
Create a group named "cvsg". (This example uses "cvsg". You can name it
as you wish.)
Put *no* users in the "cvsg" group. You can put Repository
administrators in this group if you want to.
Set the cvs executable to setgid (not setuid):
cd /usr/local/bin; chown root.cvsg cvs; chmod 2755 cvs
Make sure every file in the Repository is in group "cvsg":
chown -R root.cvsg $CVSROOT
Change all directory permissions to 770. This allows all access to
the files by the "cvsg" group (which has no members!) and no access at
all to anyone else.
find $CVSROOT -type d -exec chmod 2770 {} \;
On some systems you might have to type:
find $CVSROOT -type d -exec chmod u=rwx,g=rwx,o=,g+s {} \;
I don't know if for the new version 1.11.2 it needs a requirement, like
libraries or something.
or for getegid needs an extra change.
Please advise.
Thanks.
Moises
> Moises Zanabria writes:
> >
> > This is a multi-part message in MIME format.
>
> Please do not send MIME and/or HTML encrypted messages to this list.
> Plain text only, please.
>
> > I got this :
> > revision 1.1
> > date: 2002/03/08 23:08:31; author: uid15364; state: Exp;
> > branches: 1.1.1;
> > Initial revision
> >
> > and actually if I use my cvs 1.10 (server) I see :
> > revision 1.2
> > date: 2002/03/08 23:08:31; author: mzanabri; state: Exp;
> >
> > Any ideas what I doing wrong.
>
> You don't say what platform you're running on, but assuming it's
> Unix-like, that implies that the getpwuid() system call with your uid
> returned NULL. If you're using NIS (nee Yellow Pages) to distribute
> users and passwords, it may be that you need to link with a special
> library to get an NIS-enabled version of that routine. Or it could be
> one of your modifications. You might want to try building an unmodified
> version of CVS and see if it has the same problem. If it does, then you
> probably have a link problem; if not, it's probably a problem with your
> changes.
>
> -Larry Jones
>
> You should see me when I lose in real life! -- Calvin
>
- Re: SETXID_SUPPORT,
Moises Zanabria <=