[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Repository access question...

From: Olav Lindkjølen
Subject: Re: Repository access question...
Date: Sat, 26 Jan 2002 21:50:22 +0100
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

I cant get access to the repository after following your suggestions. I think I got it the way you described it. I can login to the server ok, but when I try to checkout a module it says: "setgid failed: operation not permitted". I have the modules owned by their respective user:group and have done a "chmod 2770 <module>". What have I missed?

Regards from Olav!

Douglas Finkle wrote:

On Thu, Jan 24, 2002 at 05:44:51PM +0100, Olav Lindkjølen wrote:

In short:
---(Admin) must have read/write access to all modules.
---Users from Company B must have read/write access only to
modules with
code owned by them.
---Users from Company B must allso have Read Only Access to
public code.

---Users from Company C must have read/write access only to
modules with
code owned by them.
---Users from Company C must allso have Read Only Access to
public code.

Is there a way to solve this? (cvs user/passwords, file

- Create a UNIX group for each of the companies.
- Put each company's modules in the correct per-company group.
- Put the company's user account(s) into that group, but NOT into
 the "cvs" group.
- Put yourself in all of the per-company groups, AND in "cvs".
- Set everybody's umask to 2, i.e. files and directories will be
 world-readable, and group-writable.

Close, but I do not completely agree:

- Admin group cvs-- nobody else, create an unpriviledged admin role user cvs
- Set (almost, see next line) all files under $CVSROOT/CVSROOT to cvs:cvs
- set $CVSROOT to cvs:public 0750, $CVSROOT/history, val-tags to 0660
cvs:public - Each company has a separate, unique group
- Each company requiring access to "public" modules also be in the same
public group
- Set the group sticky bit on for each module, according to public/private
  that is 2770 for the (private) group.
- Users can change their own umask, but if you force it, do so to 027
- Set up the readers and writers acl's-- assuming you're using v1.10.8 or
  This will enable you to allow read-only checkouts of the public module(s).
  See  in the contrib section of the sources for this.
- DO NOT use pserver-- under any circumstances as it's not safe.

Disclaimer: I think this is all...

Info-cvs mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]