[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suggestions to figure out why permissions are not working on new rep

From: Bob Proulx
Subject: Re: suggestions to figure out why permissions are not working on new repo.
Date: Fri, 14 Mar 2008 00:41:52 -0600
User-agent: Mutt/1.5.13 (2006-08-11)

Sadia Tahseen wrote:
> Root on cvs_server
> edited /etc/group and added 
> sadiacvsgroup:x:800:sadia,user1,user2,user3,userN


> chown sadia:sadiascvsgroup /appl/src/cvs/

Good.  But not enough.  I believe the directory needs to be group
writable with the setgid bit set.  After doing this you will probably
need to run the chown again.

  find /appl/src/cvs -name CVSROOT -prune -o -type d -exec chmod ug+rwx,g+s {} +
  find /appl/src/cvs -name CVSROOT -prune -o -type f -exec chown 
sadia:sadiascvsgroup {} +

IIRC the CVSROOT directory shouldn't be writable except for the
"history" and "val-tags" files.  That is why I pruned them out in the
above.  But the rest of the repository should be writable.

> Then 
> as 
> sadia 
> on 
> cvs_server:

Why are you word wrapping so strangely?

> chown 
> :sadiascvsgroup 
> JavaAppl/projectdir
> chmod 
> g+rws 
> JavaAppl/projectdir

You only want to set the setgid bit on directories.  The fancy find
command I suggested is useful because it will only set this on
directories, will do so recursively down the directory tree, and will
avoid doing so in the CVSROOT directory.

> chmod: changing permissions of `JavaAppl/CVSROOT': Operation not permitted

This is almost always because you don't own the files.  You can only
chmod files that you own, or be root which has superuser permissions
for all files.

> <Todd said>
> #you'll want to tighten up security on the following directory later.
> chown :sadiascvsgroup JavaAppl/CVSROOT
> chmod g+rws JavaAppl/CVSROOT
> </todd said>
> address@hidden chmod g+rws JavaAppl/CVSROOT
> chmod: changing permissions of `JavaAppl/CVSROOT': Operation not permitted

This error is produced when you don't own the directory.

> <todd said>
> There are only two reasons I can think of for that to fail.
> try (on cvs_server, as sadia)
> `ls -ld /appl/src/cvs/JavaAppl \
>         /appl/src/cvs/JavaAppl/CVSROOT \
>          /appl/src/cvs/JavaAppl/projectdir`

What did it show?  You didn't say.  This would be very useful
information for us to help to debug the problem.

> The reasons are:
> 1) sadia does not own those directories.:YES ONLY ROOT OWNS THESE DIRECTORIES 
> AND ALL USERS CAN ACCESS /appl/src/cvs

If root owns those directories then you will need to be able to be
root in order to make changes to them.

> 2) those directories are on an nfs server/NAS which is being very pedantic 
> about WHO can set those things.
> Did the `chmod g+rws JavaAppl/projectdir` work or give the same error?

Same thing here.  If the directory is owned by root then you will need
to be root to change them.

> <todd said>
> then as sadia on a_workstation:
> export CVSROOT=:ext:cvs_server:/appl/src/cvs/JavaAppl
> export CVS_RSH=ssh
> cvs checkout projectdir
> date > projectdir/mydate
> cvs add projectdir/mydate
> cvs commit -m"a comment" projectdir/mydate
> </todd said>
> address@hidden ~]$ cvs checkout projectdir
> address@hidden's password:

You probably should set up an ssh rsa identity key so that you can
authorize your login without needing to type in a password each and
every time.  I use rsa keys with the ssh-agent for this purpose but
there are many different ways to do it.

> ? projectdir/mydate
> cvs checkout: Updating projectdir

That output makes it look like you got through your other problems and
that this worked.

> address@hidden ~]$ cvs add projectdir/mydate
> cvs add: in directory .:
> cvs [add aborted]: there is no version here; do 'cvs checkout' first

After doing the 'cvs checkout projectdir' above change directory into
that project directory.

  cd projectdir

Then you will be in the cvs project and a CVS directory will be in the
current working directory.

> <todd said>
> on workstation as sadia, please provide:
> `ls -ld ~/projectdir/; ls -l ~/projectdir/`
> </todd said>
> <Sadia said>
> Yes I did as you said it showed
> address@hidden  ls -ld ~/projectdir/;
> drwxr-xr-x  3 sadia users 4096 Mar 10 15:49 /users/sadia/projectdir/


> address@hidden ~]$ ls -l ~/projectdir/'

Nothing?  There should be a CVS directory there.  If not then the cvs
checkout failed.  (Which is somewhat expected because your other
information showed that the repository is not yet set up correctly.)

> address@hidden date > projectdir/mydate
> address@hidden ~]$ cvs add projectdir/mydate
> address@hidden's password:
> cvs add: in directory .:
> cvs [add aborted]: there is no version here; do 'cvs checkout' first
> address@hidden cvs commit -m "a comment" projectdir/mydate
> cvs commit: use `cvs add' to create an entry for
>  projectdir/mydate
> cvs [commit aborted]: correct above errors first!

This is the same problem.  You need to cd into the project directory
first.  But before that you need to fix the cvs repository so that you
can check out the project first.

> > Are you sure you are feeding me the errors in the order you got
> > them, I expected a DIFFERENT error at this point????  something is
> > highly amiss at this point.

I agree with Todd here.  The information doesn't make sense.  I
suggest you start at the beginning and carefully work forward through
the setup of the repository from the start.

> > 1) remove the repository and sandboxes that you have created so far
> > and start following the email with the description again fresh, if
> > this fails go to method 2, while indicating this one failed and how.

> I HAVE TRIED REMOVING projectdir from cvs.Am I suppposed to remove
> you are talking about ?how do we set permissions /ownership of
> everything in CVSROOT

*EITHER* you would need to remove everything and then create
everything *OR* you would need to correct the ownership and
permissions on the existing files.

> > 2) we have to look at the permission/ownership of everything in
> > $CVSROOT and the sandboxes, and then determine what changes have to
> > be made.

Again, Todd is saying that you need to show us the directory and file
listing so that we on the mailing list can see how they should be

At this point I think the best thing may be to get help from a local
expert.  If there is someone who can help you in person it might be
the best way to make progress.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]