Re: set group id not taking effect?
From: Mark D. Baushke
Subject: Re: set group id not taking effect?
Date: Wed, 13 Aug 2003 09:56:06 -0700

Paul Edwards <kerravon@nosppaam.w3.to> writes:
> My repository is under a particular unix group, say groupa.
>
> I have a user who is not in groupa.
>
> No problem, I just did a chmod g+s cvs
>
> and asked them to try again.
>
> Nope, it fails because $CVSROOT/CVSROOT is not writable.
> Indeed, it is not world writable, but I expected the setgid to take
> care of that.

The $CVSROOT/CVSROOT directory is group "cvs" and has g+rwxs permissions
and your OS honors g+s directory permissions and the OS allows g+s
executables to be honored from the mounted directory?

>
> Sun Solaris.
> CVS 1.11.6

Yes, Solaris UFS directories may use g+rwxs permissions. Although I
believe it is possible for NFS to disable that support. I would hope
your repository is not NFS mounted.

>
> the executable is in a directory that is allowed to have setuid,
Good.
> although I just realised I didn't specifically check if setgid was
> allowed or not. Certainly the bit was set, but I didn't think of
> checking /etc/mnttab until just now. Any ideas?

If you want to have cvs run setgid as group cvs, you may want to
consider adding a '#define SETXID_SUPPORT 1' to your config.h file so
that things like running $EDITOR do not give your users a shell with the
egid of the cvs group. However, that can wait until you have things
working in the first place.

In the past, I have used a set-gid cvs executable with no problems. I
believe it should still work with cvs 1.11.6, but I have not actually
tried it.

-- Mark
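
The preconditions raised in this thread (setgid bit on the executable, g+rwxs on the administrative directory, matching groups, and a mount that honors setgid) can be checked in one pass. The script below is an added example, not part of the original message or of CVS; the function names and the sample mount table are constructed, and it assumes the mount table keeps the mount point in field 2 and the options in field 4, as Solaris /etc/mnttab and Linux /proc/mounts do.

```shell
#!/bin/sh
# Added example: names, paths and the sample table below are constructed.
sample_mnttab() {   # constructed lines in /etc/mnttab layout
cat <<'EOF'
/dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles,suid,dev=2200000 1060000000
server:/export/cvs /export/cvs nfs rw,nosuid,dev=3e40001 1060000100
EOF
}

# mount_opts TABLE PATH: options of the longest mount point containing PATH.
# Assumes mount point in field 2 and options in field 4 of TABLE.
mount_opts() {
    awk -v p="$2" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "$1"
}

# suid_allowed TABLE PATH: fails when PATH's filesystem is mounted nosuid.
suid_allowed() {
    case ",$(mount_opts "$1" "$2")," in
        *,nosuid,*) return 1 ;;
    esac
    return 0
}

# Permission string and numeric group id, taken from ls -ldn.
mode_of() { ls -ldn "$1" | awk '{ print substr($1, 1, 10) }'; }
gid_of()  { ls -ldn "$1" | awk '{ print $4 }'; }

# check_setgid_cvs EXE ADMIN_DIR TABLE: report each failed precondition.
check_setgid_cvs() {
    rc=0
    case "$(mode_of "$1")" in
        ??????s*) ;;    # setgid and group-executable
        *) echo "FAIL: $1 is not setgid and group-executable"; rc=1 ;;
    esac
    case "$(mode_of "$2")" in
        d???rws*) ;;    # directory is g+rwxs
        *) echo "FAIL: $2 is not a g+rwxs directory"; rc=1 ;;
    esac
    [ "$(gid_of "$1")" = "$(gid_of "$2")" ] ||
        { echo "FAIL: group of $1 differs from group of $2"; rc=1; }
    suid_allowed "$3" "$1" ||
        { echo "FAIL: filesystem holding $1 is mounted nosuid"; rc=1; }
    return $rc
}
```

After sourcing the file, a call such as `check_setgid_cvs /path/to/cvs "$CVSROOT/CVSROOT" /etc/mnttab` prints one FAIL line per unmet precondition and returns non-zero if any were found.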