[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Can't do setuid
Re: Can't do setuid
Tue, 4 Feb 2003 17:48:24 -0500
On Tue, Feb 04, 2003 at 04:35:47PM -0500, Brian Kowald wrote:
> For my whole repository, I set the file and directory owner to cvs and the
> group to cvsusers. I did this recursively.
Setting the group is good. Setting the owner doesn't help much;
as you've discovered, it doesn't stay set for very long...
> I set "set group id bit" for the entire repository with 'chmod -R g+s'.
> This is so that new files will have the correct group and owner.
That should only have been done on the directories, NOT on the files.
However, everything should be g+w. So from a standing start,
it'd be something like:
chmod -R g+w
find . -type d -print0 | xargs -0 chmod g+s
(That's with GNU findutils. Without it, the g+s pipeline is
harder to do both safely and quickly. This has been discussed
here in the past; see the archives for details).
Of course, from your current state, your task is to turn *off*
setgid on the files, not to turn it *on* on the directories...
A couple more steps are needed:
- Add the users to group "cvsgroup" (then have them log in
again to pick up the change)
- Make sure that users' umasks do NOT include the 020 bit, i.e.
that they create files group-writable. Of course, this has
possibly-unpleasant ramifications for non-CVS files; the
CVSUMASK environment variable *might* be of help, depending
on your setup.
> I go and look at the repository, the owner has changed to the user doing the
> cvs command.
That's as expected. Once the group stuff that we're talking
about is set up properly, this behaviour shouldn't cause any
problems. (Indeed, working around this is a lot of the point of
the group stuff in the first place.)
> When I execute a cvs update, I get the error message "Can't do setuid'
I have a few thoughts, but nothing concrete:
- Do you have setuid or setgid enabled on the CVS executable
itself? If so, turn them off.
- One of the other suggestions might fix it (especially turning
off setgid on the ,v files).
- That message doesn't seem to occur in CVS 1.11.5. Which
version are you using? If it's an old one, try upgrading.
- Or are you using another implementation, e.g. WinCVS, cvsnt,
etc.? If so, you might have better luck on the appropriate
| | /\
|-_|/ > Eric Siegerman, Toronto, Ont. address@hidden
| | /
A distributed system is one on which I cannot get any work done,
because a machine I have never heard of has crashed.
- Leslie Lamport
- Can't do setuid, Brian Kowald, 2003/02/04
- Re: Can't do setuid,
Eric Siegerman <=