[ale] Permissions Q

John Mills jmmills at telocity.com
Thu Jun 13 10:47:09 EDT 2002 

Hi, Mike -

On Wed, 12 Jun 2002, Mike Millson wrote:

> Ex. 1
> ========================================
> I have a CVS repository that is currently owned by root and its group is
> root. What is the best way to allow users access? Should I leave the Owner
> and Group as root and allow Others read and write access? Should I create a
> new group that is specifically for CVS, give it read and write privileges
> and add each user to it?

I assume you are working through :pserver: or a secure equivalent. I am
just setting up a CVS repository for a development team working on many
files (~1500) of a new product. Here's what I did:

 I created a user 'cvsmgr' who belongs to 'cvsusers' and who owns
$CVSROOT, its children, and its contents.
 I put all developers in $CVSROOT/CVSROOT/passwd, with their choice of
trivial or null passwords, and all with the CVS user-identity of 'cvsmgr';
and one read-only user, 'buildusr', with null password and no other
identity.

 I created a group 'cvsusers' and added all developers, 'cvsmgr', and
'buildusr' to that group.

NOTE:
System accounts must _exist_ for all these CVS users, but they can be
'nologin' accounts.

So far the only wrinkle I've seen is this: when a user creates a new
_directory_ in the CVS repository, it gets the permissions: 'drwxrwxr-x'
and cannot be used (even for checkout) by any other user until the
permissions have been changed to 'drwxrwxrwx'. I would like these to be
the default permission settings for new directories in CVS, but haven't
been able to manage it. Naturally for many organizations the current
defaults are correct.

New files' permissions default to '-r--r--r--' which is _correct_ (except
for executables, which need '-r-xr-xr-x'). 'Apparent' ownership of files
and directories in $CVSROOT is 'cvsmgr', which is correct.

HTH.

 - John Mills


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list