LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 11-22-2011, 06:24 AM   #1
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Rep: Reputation: 220Reputation: 220Reputation: 220
cvs user permission


Hello All,

Can anyone please tell me how to set read and write permission to cvs users

I don't think setfacl can be useful?

I did a bit google and found that we need to download cvs-acl-extension patch

Is that the only way to work around with or is there any other way through which I can give permissions to all cvs users on the repositories?

How do we use this cvs-acl-extension patch?

Plase help me with any idea or suggestion

Thanks
 
Old 11-22-2011, 09:12 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,119

Rep: Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818
There are two (simple) ways to do this: (1) if all your users are CVS users, change the group of your ${CVSROOT} directory or, (2) add a special group for CVS, add your CVS users to that group and change the group of your ${CVSROOT} directory.

Here's how.

If you want all system users to have access and assuming your ${CVSROOT} is in /usr/local (the default location on many systems), simply
Code:
su -
cd /usr/local
chmod 775 cvsroot
chgrp users cvsroot
cd cvsroot
chmod 775 CVSROOT
chgrp -R users CVSROOT
That's it.

If you want to add a special group for CVS users (so others can't get into it),
Code:
su -
groupadd cvs        (or cvsusers or cvsgroup or whatever you want)
cd /usr/local
chmod 775 cvsroot
chgrp cvs cvsroot
cd cvsroot
chmod 775 CVSROOT
chgrp -R cvs CVSROOT
Then, add that group to the individual users that you want to have access; let's say the users are bill, fred, sam and john:
Code:
usermod -a -G cvs bill,fred,sam,john
And that takes care of that.

If you really want to deny all non-CVS users access to the CVS tree, rather than
Code:
chmod 775 cvsroot
use
Code:
chmod 770 cvsroot
and no non-CVS users will be able to access anything in ${CVSROOT}.

Additionally, if you want to have authorized CVS user log in, you can add a password -- if you wan to do that, let me know and I'll give you the instructions for doing so.

Note: all the above relies on your users do all CVS activities using CVS commands; i.e., no writing directly in the CVS repository files and directories.

Hope this helps some.
 
1 members found this post helpful.
Old 11-22-2011, 09:43 AM   #3
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
No this is something which can be given to normal users instead of cvs users

I did a lot of google and came up with readers and writers file but that is confusing

when I add a user in readers file, that user gets read only access
but when I delete that user and add in writers file, still that user getting a permission denied error while creating or deleting any file

and in third case when I delete the readers file and simply mention the name of user in writers file, the user has full access



can you please explain me the concept of this readers and writers file

I have few users for whom I need to give read only and for few users full access
But I don't understand how to do that

Please don't mind If I am confusing you..

Thanks a lot for your reply
 
Old 11-22-2011, 10:18 AM   #4
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
This is a update

It was something related to user group permission

But thanks alot..I had seen your earlier post as well on CVS..they were really very helpful

Thanks once again

Ill get back if I get any other issues
 
Old 11-22-2011, 10:50 AM   #5
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,119

Rep: Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818
What I gave you is a "correct" way to grant levels of permission in CVS -- setfacl is not useful at all simply because all access management is done by CVS via the various CVS command and utilities -- little note at the bottom of the post?
Quote:
Note: all the above relies on your users doing all CVS activities using CVS commands; i.e., no writing directly in the CVS repository files and directories.
Believe me when I tell you that you do not under any circumstances want users crawling around in the CVS repositories -- they will not have a clue what they're looking at (bear in mind that all the changes committed in a file in CVS are embedded in that file and wading through that stuff even if you know what you're doing is not a trivial exercise) and you will rapidly have a horrid mess on your hands if they do something they should not.

Anyway, best of luck with it.

Hope this helps some.
 
Old 11-23-2011, 12:10 AM   #6
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
Quote:
Originally Posted by tronayne View Post
What I gave you is a "correct" way to grant levels of permission in CVS -- setfacl is not useful at all simply because all access management is done by CVS via the various CVS command and utilities -- little note at the bottom of the post?

Believe me when I tell you that you do not under any circumstances want users crawling around in the CVS repositories -- they will not have a clue what they're looking at (bear in mind that all the changes committed in a file in CVS are embedded in that file and wading through that stuff even if you know what you're doing is not a trivial exercise) and you will rapidly have a horrid mess on your hands if they do something they should not.

Anyway, best of luck with it.

Hope this helps some.
Yes that is what I want to do the same But the scenario is quite different

For one repository I have three groups
For one group I want full access and for other two read only access

So how can we do that using chgrp?
Can you give an example?
 
Old 11-23-2011, 10:05 AM   #7
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,119

Rep: Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818
Easy as pie -- set up the cvs group as described above, add the users you want to have full access to that group, set permissions like this
Code:
su -
cd /usr/local
chmod 775 cvsroot
cd cvsroot
chmod 775 CVSROOT
That will give the users in the cvs group read-write permissions (a user needs write permission to commit changes) and other users read-only access (they'll be able to check out but not check back in).

Your other option is to, in addition to setting up the cvs group and add it to users with full access, set up passwords within CVS. This way, authorized users will need to log in and others will not but will have check out capability -- this is the way you can check out applications like Bugzilla via CVS over the internet but not commit any changes you make back to the source repository. You would want to use cvspserver to do this (the CVS server then operates on your LAN).

If you want to do the password thing, let me know and I'll give you instructions (which, of course, are also found in the CVS manual).

Hope this helps some.
 
Old 11-23-2011, 12:08 PM   #8
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
I did as you said

my group is cvsuser which contains all cvs users
and I gave 775 permission to repository

Code:
#chown -R cvsrepo:cvsuser /cvsroot/repository
#chmod 755 /cvsroot/repository
(here cvsrepo is a default admin)

But when I try to add a text document through client software

I get the following error

Code:
cvs server aborted: "add" requires right access to the repository
my user is a member of cvsuser

I tried to do a test so I gave full permission to all the projects as well the repository including /cvsroot but still I get the same error

Can you please help me come out of this..It is really troubling alot
 
Old 11-23-2011, 12:12 PM   #9
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,119

Rep: Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818
You did the mode change chmod 755 /cvsroot/repository, that's read-write for owner, read only for group and public.

Try chmod 775 /cvsroot/repository instead.
 
Old 11-23-2011, 10:48 PM   #10
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
Quote:
Originally Posted by tronayne View Post
You did the mode change chmod 755 /cvsroot/repository, that's read-write for owner, read only for group and public.

Try chmod 775 /cvsroot/repository instead.
As I said earlier also when 755 was not working I gave 777 permission but still I receive the samr error..I really don't understand this

other problems which I face is when I do checkout module from client software it returns with an error
Code:
cvs checkout: cwd=E:\cvstest ,current=E:\cvstest
cvs checkout: failed to create lock directory for `/usr/local/cvsroot/CVSROOT' (/usr/local/cvsroot/CVSROOT/#cvs.history.lock): Permission denied
cvs checkout: failed to obtain history lock in repository `/usr/local/cvsroot'
cvs checkout: Updating test
cvs checkout: failed to create lock directory for `/usr/local/cvsroot/test' (/usr/local/cvsroot/test/#cvs.lock): Permission denied
cvs checkout: failed to obtain dir lock in repository `/usr/local/cvsroot/test'
cvs [checkout aborted]: read lock failed - giving up


but after giving 777 permission I was able to come through these errors

But still when I try to add a text file inside my project...I get the error

Code:
cvs server aborted:"add" requires write access to repository


Is it somewhere related to this issue?
What is "+" in drwxrwxrwx+

Last edited by deep27ak; 11-24-2011 at 12:01 AM.
 
Old 11-24-2011, 04:50 AM   #11
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
There is one more thing which I need to ask

What is the importance of readers and writers file in CVSROOT as for now I see that even if I mention the name of user in writers file, that user gets the same error?
 
Old 11-24-2011, 09:18 AM   #12
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,119

Rep: Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818Reputation: 818
OK, let's stop fiddling around.

Here's what your cvsroot directory should look like:
Code:
drwxrwxr-x 13 root cvs   4096 Nov  3 15:29 cvsroot/
The mode is 775.

Here's what things should look like in cvsroot:
Code:
cd cvsroot
ls -al
drwxrwxr-x 13 root  cvs   4096 Nov  3 15:29 ./
drwxr-xr-x 19 root  root  4096 Nov  3 11:37 ../
drwxrwxr-x  3 root  cvs   4096 Nov 15 10:41 CVSROOT/
drwxr-xr-x  3 trona cvs   4096 Oct  7  2009 county/
drwxr-xr-x  3 trona cvs   4096 Nov 15 10:41 general/
drwxrwxr-x  3 trona cvs   4096 Oct  2 12:00 gnis/
drwxrwxr-x  3 trona cvs   4096 Sep 13 16:15 ims/
drwxrwxr-x  6 trona cvs   4096 Nov  3 12:09 map/
drwxrwxr-x  3 trona users 4096 Nov  3 15:31 nawk/
drwxr-xr-x  3 trona cvs   4096 Oct  7  2009 nhpn/
drwxrwxr-x  5 trona cvs   4096 Dec 16  2010 recipes/
drwxrwxr-x  9 trona cvs   4096 Jun  4  2010 topics/
drwxrwxr-x  3 trona cvs   4096 Oct 26 12:17 utils/
All those directories -- except CVSROOT -- are projects.

Here's what CVSROOT looks like:
Code:
ls -al CVSROOT
total 156
drwxrwxr-x  3 root cvs 4096 Nov 15 10:41 ./
-rw-rw-r--  1 root cvs  495 Oct  7  2009 .#checkoutlist
-rw-rw-r--  1 root cvs  760 Oct  7  2009 .#commitinfo
-rw-rw-r--  1 root cvs 1302 Oct  7  2009 .#config
-rw-rw-r--  1 root cvs  602 Oct  7  2009 .#cvswrappers
-rw-rw-r--  1 root cvs 1025 Oct  7  2009 .#editinfo
-rw-rw-r--  1 root cvs 1141 Oct  7  2009 .#loginfo
-rw-rw-r--  1 root cvs 1087 Oct  7  2009 .#modules
-rw-rw-r--  1 root cvs  564 Oct  7  2009 .#notify
-rw-rw-r--  1 root cvs  649 Oct  7  2009 .#rcsinfo
-rw-rw-r--  1 root cvs  879 Oct  7  2009 .#taginfo
-rw-rw-r--  1 root cvs 1026 Oct  7  2009 .#verifymsg
drwxrwxr-x 13 root cvs 4096 Nov  3 15:29 ../
drwxrwxr-x  2 root cvs 4096 Oct  7  2009 Emptydir/
-r--r--r--  1 root cvs  495 Oct  7  2009 checkoutlist
-r--r--r--  1 root cvs  696 Oct  7  2009 checkoutlist,v
-r--r--r--  1 root cvs  760 Oct  7  2009 commitinfo
-r--r--r--  1 root cvs  961 Oct  7  2009 commitinfo,v
-r--r--r--  1 root cvs 1302 Oct  7  2009 config
-r--r--r--  1 root cvs 1503 Oct  7  2009 config,v
-r--r--r--  1 root cvs  602 Oct  7  2009 cvswrappers
-r--r--r--  1 root cvs  803 Oct  7  2009 cvswrappers,v
-r--r--r--  1 root cvs 1025 Oct  7  2009 editinfo
-r--r--r--  1 root cvs 1226 Oct  7  2009 editinfo,v
-rw-rw-rw-  1 root cvs 6410 Nov 15 10:41 history
-r--r--r--  1 root cvs 1141 Oct  7  2009 loginfo
-r--r--r--  1 root cvs 1342 Oct  7  2009 loginfo,v
-r--r--r--  1 root cvs 1087 Oct  7  2009 modules
-r--r--r--  1 root cvs 1288 Oct  7  2009 modules,v
-r--r--r--  1 root cvs  564 Oct  7  2009 notify
-r--r--r--  1 root cvs  765 Oct  7  2009 notify,v
-rw-r--r--  1 root cvs   62 Jun 19  2010 passwd
-r--r--r--  1 root cvs  649 Oct  7  2009 rcsinfo
-r--r--r--  1 root cvs  850 Oct  7  2009 rcsinfo,v
-r--r--r--  1 root cvs  879 Oct  7  2009 taginfo
-r--r--r--  1 root cvs 1080 Oct  7  2009 taginfo,v
-rw-rw-rw-  1 root cvs    0 Oct  7  2009 val-tags
-r--r--r--  1 root cvs 1026 Oct  7  2009 verifymsg
-r--r--r--  1 root cvs 1227 Oct  7  2009 verifymsg,v
Note: I do not have an "administrative" user (root is). Individual projects will be owned by the user that imported them -- that does not matter, the group read-write permissions allows any authorized user to edit and commit changes. You do not need to fiddle around changing the owner of project directories or files withing those directories.

Projects are created with
Code:
cd <source code directory>
cvs import -m "initial installation in CVS" project_name vendor release
Projects are checked-out with
Code:
cd <working directory>
cvs co project_name
If you add a new file to the project in the working directory:
Code:
cvs add -m "Initial Installation" <new_file_name>
cvs commit
If you are changing anything in an existing file
Code:
cvs edit file_name
<edit, test>
cvs commit -m "this is why I changed this file" file_name
Done working on it, release it
Code:
cd .. (from the project directory back to your working directory>
cvs release -d project_name
If you're not already doing this, every file in your projects should have headers that look something like this (this is for C, change the comment indicators for other languages):
Code:
#ident  "$Id$"

/*
 *      Copyright (C) Enter_Date, Copyright_Owner
 *
 *      This program is free software; you can redistribute it and/or
 *      modify it under the terms of version 2 of the GNU General
 *      Public License as published by the Free Software Foundation.
 *
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 *      General Public License for more details.
 *
 *      You should have received a copy of the GNU General Public
 *      License along with this program; if not, write to the Free
 *      Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 *      MA 02111-1307, USA.
 *
 *      Name:           $Source$
 *      Purpose:        What Does This Code Do
 *      Version:        $Revision$
 *      Modified:       $Date$
 *      Author:         Original Author's Name (never change this)
 *      Date:           Original Create Date (never change this)
 *      $Log$
*/
Obviously, change the wording above as you see fit but retain the CVS keywords for documentation. The use of -m "this is why.." above goes into the $Log$ field, giving an explanation of why something was changed; if you do not use the -m flag, you're prompted to enter a description of what you did and why (for multi-line entries).

Hope this helps some.
 
Old 11-24-2011, 01:55 PM   #13
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
hi

Checked out the link i break my head lot a few days back regarding same permission issue .Even i had added user to root group,and also checked out by enable super user permission to user .I Finally found Linux permission has nothing to do with cvs permssion. i had maually written scripts in crontab


chmod -R 777 /var/cvs/CVSROOT for every min ..so that when ever user create a file in the CVSROOT my scripts could enable full permission..Its not a proper way of solution but it solved my issue permanently

http://www.linuxquestions.org/questi...of-cvs-908723/

IF u read out the above link u could get some sort of idea about cvs permission .so that u doesint repeat same error wat i had done earlier

Best OF Luck

Last edited by arun5002; 11-24-2011 at 02:07 PM.
 
0 members found this post helpful.
Old 11-24-2011, 11:16 PM   #14
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
@tronayne

I agree with what you mentioned but I guess you should consider what I am trying to do and what output am I getting

I have a group cvsuser under which I have a user user1
my repository is in /usr/local/cvsroot

now on linux user1 is able to login to perfectly and checkout

But when I use client machine and try working with wincvs , I am able to login, checkout but when I try to check the permission as given by me.

Manually I go to the cvscheckout directory and create a text document and when I try to add it with wincvs it returns with the error I mentioned

I don't really think this is somewhere related to permission

Code:
#cd /usr/local
#ls -l
drwxrwxrwx 5 user1 cvsuser 4096 Nov 17 10:29 cvsroot
as I used
Code:
#chmod -R 777 cvsroot/
#chown -R user1:cvsuser cvsroot
So according to this command all the files have the ownership of user1 but still on wincvs I get the same error while adding a binary code

Code:
cvs server aborted:"add" requires write access to repository
***** CVS exited normally with code 1 *****
I hope now you get what is happening
 
Old 11-24-2011, 11:19 PM   #15
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,190
Blog Entries: 4

Original Poster
Rep: Reputation: 220Reputation: 220Reputation: 220
Quote:
Originally Posted by arun5002 View Post
hi

Checked out the link i break my head lot a few days back regarding same permission issue .Even i had added user to root group,and also checked out by enable super user permission to user .I Finally found Linux permission has nothing to do with cvs permssion. i had maually written scripts in crontab


chmod -R 777 /var/cvs/CVSROOT for every min ..so that when ever user create a file in the CVSROOT my scripts could enable full permission..Its not a proper way of solution but it solved my issue permanently

http://www.linuxquestions.org/questi...of-cvs-908723/

IF u read out the above link u could get some sort of idea about cvs permission .so that u doesint repeat same error wat i had done earlier

Best OF Luck
Thanks for your interest arun

Even I believe this is not related with permission issue, instead this is something else
Because even after giving 777 permission and the ownership to the user if he is not able to create a file, there is something strange

I even mentioned his name in writers file

Would you mind sharing how you were overcome this issue
This project is really freaking me out if this error continues to occur....I need a solution ASAP
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How can i share cvs user home directory to all users of cvs arun5002 Linux - Server 18 10-25-2011 10:26 AM
cvs user permission alanchansl Linux - Software 1 07-05-2006 06:20 AM
Running CVS Server on Fedora Core 4 with pserver as "cvs" user rupak Fedora 2 09-17-2005 03:06 PM
Running CVS Server with pserver as "cvs" user on Fedora Core 4 rupak Linux - Software 2 09-17-2005 01:10 PM
cvs import: permission denied for dskny Linux - Software 0 07-12-2004 05:28 PM


All times are GMT -5. The time now is 04:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration