CVS module (in repository) user:group

xp_newbie · 12-31-2007, 06:50 AM

I have setup a CVS pserver which works nicely for me, the user who first created the modules (subdirectories under /cvs).

The problem is when other users try to check out from that module (subdirectory under /cvs).

/cvs and /cvs/CVSROOT all belong to special 'user:group' that I created: 'cvs:cvs'.

Code:

drwxrwxr-x 3 cvs        cvs        4096 2007-12-30 13:25 CVSROOT
-rw-rw-r-- 1 cvs        cvs           0 2007-12-29 10:34 locks
drwxrwxr-x 8 xpnewbie   xpnewbie   4096 2007-12-30 06:53 mymodule

As you can see, when I first created 'mymodule' (using import/commit), it was created with the ownership of xpnewbie:xpnewbie, not xpnewbie:cvs as I had hoped.

My question is: What is the right approach to tackle this problem?

Of course I could perform a 'chown -R xpnewbie:cvs mymodule' but then:

I don't know what would happen to a newly added file to the module (it would most certainly not receive 'xpnewbie:cvs' ownership.
I will have to repeat this (manual) procedure every time I create a new module.

Is there a way to tell CVS/pserver to automatically assign the group 'cvs' to any newly checked in module/file?

Thanks,
Alex

gilead · 01-01-2008, 04:41 PM

There are a couple of ways to approach this. The first is to put all CVS users into a cvs group, run chgrp cvs over the modules and then set the gid bit on all of the module directories:

Code:

find /path/to/cvsrepo/module -type d -exec chmod g+sw {} \;

That way all cvs group members will have write permission and all new files will belong to the cvs group.

The second way is to have a single cvs user and add your repository users added to CVSROOT/passwd. The cvs user owns the modules and the problem of multiple system users owning the files goes away.

xp_newbie · 01-01-2008, 06:38 PM

Thank you very much, gilead.

I like the first way better, because it allows keeping track of who performed what in the CVS repositories.

However, it also means that every time a new repository is added, I will have to perform that 'chgrp cvs' and 'chmod g+sw'...

Is there a way to avoid that? Can I just do 'chmod g+sw' on /cvs, thus assuming from now on that every newly created repository (via cvs command, of course) will automatically receive g+sw as well?

Also, do I understand correctly that the 's' in the g+sw, simply makes every newly created directory/file belong to the cvs group?

Thanks,
Alex

gilead · 01-01-2008, 10:12 PM

Yes, to both... You can run chmod g+sw on the top level directory so that you don't need to run it on each new module. The 's' does cause each new directory/file to belong to the cvs group.

xp_newbie · 01-03-2008, 09:00 AM

Gilead, thanks again. This clarifies the issue.

For future reference, I am posting here a link that, although refers to ssh clients (vs. pserver), provides additional clues for finer granularity when needing to control access to CVS repositories:

http://ioctl.org/unix/cvs/server

What a great community!

Cheers,
Alex

gilead · 01-03-2008, 01:28 PM

No problem - glad it helped. Thank you for posting the link