Re: [Gnu-arch-users] Re: Linus

[Ethan Benson]

On Sun, Oct 12, 2003 at 08:18:01PM -0400, Miles Bader wrote:
> On Sun, Oct 12, 2003 at 03:42:22PM -0800, Ethan Benson wrote:
> > > Could those things all be done with filesystem permissions, since
> > > arch's archive layout mirrors the high-level structure of an archive?
> > 
> > yes, branches, versions, categories can all be secured with standard
> > filesystem permissions.  of course you still need to find a way to
> > keep those permissions consistent since arch isn't going to help you
> > in that regard.
> 
> Does it need to?  In what cases does putting people into appropriate groups
> and using `chgrp GROUP DIR; chmod g+s DIR' not work [this requires manual
> setup on the server, but then so do server-side scripts]?  Using permissions
> and groups in this way seems like a _much_ more natural and elegant solution
> than writing server-side scripts.

you must make sure the umask gets set such that new dirs get the same
permissions as the parent, or else the last person to commit will be
the only one able to commit in the future (since others would be
unable to move the +revision-lock dir). 

it can be done with tla help, but it would be less hassle if tla
helped. but tom has declared it won't, so we have to deal with that.

and its NOT just as easy as setting the umask globally, that only
works if ALL your archives/categories/branches/versions use the same
set of permissions, if they don't you have to come with some method
that figures out what part of the archive is going to be modified and
set the umask to match the permissions used there.

default acls would probably do it, i haven't tried that, and acl
support is rather limited at this point (on linux 2.4 its only if you
use XFS, or apply large ext* patches).

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

pgp9yh05Pbj7q.pgp
Description: PGP signature