[Techtalk] cvs permissions

nicole colby at wsu.edu
Mon May 17 20:41:15 EST 2004 

At 23:08 on May 17, Conor Daly shook the earth with:

> me		devel / doc				source + doc
> ben		devel		doc			source
> laurel		devel / doc				source + doc
> dean		user		source + doc
> ciara		doc		source			doc
>
> It appears to me that I can only put 'me' and 'laurel' in
> $CVSROOT/CVSROOT/writers since it grants universal write permissions  (no,
> it grants write permissions to dirs owned by me / laurel).  Making me, ben
> and laurel members of group 'app-devel' and me, laurel and ciara members
> of group 'app-doc' looks promising but how do I guarantee that the module
> I commit will have the proper gid?  If $CVSROOT is gid 'app-devel' and
> SGID, all commits will have gid 'app-devel' applied to them, even if they
> are committed by group 'app-doc'.
>
> I can get around that by making parallel repositories for 'devel' and
> 'doc' but that isn't elegant or extensible.  Is there something I'm
> missing?  A different authentication method?


I'm no CVS genius, let alone inheriting file permissions genius, but what
would prevent you from having a subdirectory sgid another gid?

For example:

Repository: devel

/var/cvs/devel/ sgid devel
/var/cvs/devel/docs/ sgid docs
/var/cvs/devel/src/ sgid src

In your CVSROOT/modules, you could have something like:

devel devel
docs devel/docs&
src devel/src&

If people just wanted to check out "docs" or "src" instead of the whole
"devel" tree.

I don't know if the subdir sgid groups thing will work... I haven't tried
it. My CVS tree is governed only by groups and users, except for an
"anonymous" user in the readers file. I have done everything the "easy"
way with modules that determine group permissions, then something like the
modules above. For example, i have /var/cvs/web/ and
/var/cvs/web/intranet/ with "intranet web/intranet&" in my modules so
someone can just checkout intranet if they are responsible for that. This
works well when you're only talking a few people, but if you want to scale
I think the subdirs/modules thing seems more productive.

-nicole

More information about the Techtalk mailing list