info-cvs

CVSROOT file permissions (history val-tags)


From: Bulgrien, Kevin
Subject: CVSROOT file permissions (history val-tags)
Date: Tue, 26 Jul 2005 11:28:03 -0500

It seems odd that history and val-tags require write permissions
when all other cvs repository files do not.  It seems particularly
odd for history and val-tags to be created with world write
permissions by default...

I would like to see these files created and functional with the same
permissions that the other CVS files have, and particularly, the removal
of the default assignment of world write permissions to any repository
file.

Recently a user pointed out that history was not being written:

$ cvs commit version.f
Checking in version.f;
/home/blah/blip/blat/boo/bah/version.f,v  <--  version.f
new revision: 1.4; previous revision: 1.3
done
cvs commit: warning: cannot write to history file
/home/blah/blip/blat/CVSROOT/history: Permission denied

A review of our repositories showed that not all were set up with
write permissions on these files, so then it prompted me to look
at how cvs init created repositories to find the correct settings.
This is when I saw that world write was turned on by default for
some of the files.

$ mkdir rep
$ cvs -d /home/me/cvs/rep init
$ ls -lR rep
rep:
total 1
drwxrwsr-x  3 me        me      1088 Jul 26 11:08 CVSROOT/

rep/CVSROOT:
total 88
-r--r--r--  1 me        me       495 Jul 26 11:08 checkoutlist
-r--r--r--  1 me        me       700 Jul 26 11:08 checkoutlist,v
-r--r--r--  1 me        me       760 Jul 26 11:08 commitinfo
-r--r--r--  1 me        me       965 Jul 26 11:08 commitinfo,v
-r--r--r--  1 me        me       991 Jul 26 11:08 config
-r--r--r--  1 me        me      1196 Jul 26 11:08 config,v
-r--r--r--  1 me        me       602 Jul 26 11:08 cvswrappers
-r--r--r--  1 me        me       807 Jul 26 11:08 cvswrappers,v
-r--r--r--  1 me        me      1025 Jul 26 11:08 editinfo
-r--r--r--  1 me        me      1230 Jul 26 11:08 editinfo,v
drwxrwsr-x  2 me        me        48 Jul 26 11:08 Emptydir/
-rw-rw-rw-  1 me        me         0 Jul 26 11:08 history
-r--r--r--  1 me        me      1141 Jul 26 11:08 loginfo
-r--r--r--  1 me        me      1346 Jul 26 11:08 loginfo,v
-r--r--r--  1 me        me      1151 Jul 26 11:08 modules
-r--r--r--  1 me        me      1356 Jul 26 11:08 modules,v
-r--r--r--  1 me        me       564 Jul 26 11:08 notify
-r--r--r--  1 me        me       769 Jul 26 11:08 notify,v
-r--r--r--  1 me        me       649 Jul 26 11:08 rcsinfo
-r--r--r--  1 me        me       854 Jul 26 11:08 rcsinfo,v
-r--r--r--  1 me        me       879 Jul 26 11:08 taginfo
-r--r--r--  1 me        me      1084 Jul 26 11:08 taginfo,v
-rw-rw-rw-  1 me        me         0 Jul 26 11:08 val-tags
-r--r--r--  1 me        me      1026 Jul 26 11:08 verifymsg
-r--r--r--  1 me        me      1231 Jul 26 11:08 verifymsg,v

rep/CVSROOT/Emptydir:
total 0

Under this setup, a user not in group me can easily modify files if the
enclosing directories allow world traversal even if rw is denied to world.
Ok, I know that top-level directories should be controlled, but this still
seems to be unnecessary when CVS already finds a way to write files that
are read-only to everyone.

--- 
Kevin R. Bulgrien
Product Engineer

General Dynamics C4 Systems                   http://www.tripointglobal.com/
VertexRSI
1915 Harrison Road                                    Tel: 903-295-1480 x288
Longview, TX 75604-5438                               Fax: 903-295-1479
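
An audit for the condition described in the message above, as an added example that is not part of the original post and not CVS's own code: it lists world-writable files in a repository's CVSROOT and checks whether every enclosing directory grants search permission to "other". The function names and the optional stop directory (second argument, default /) are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and the optional "stop" directory are
# assumptions made here, not part of CVS.

# List regular files directly in <repo>/CVSROOT with the world-write bit set
# (history and val-tags in the `cvs init` listing above).
world_writable_admin_files() {
    find "$1/CVSROOT" -maxdepth 1 -type f -perm -0002 2>/dev/null | sort
}

# Succeed if every directory from <dir> up to <stop> (default /) grants
# search (x) permission to "other", so a user outside the group can reach it.
# Returns 1 if some directory denies it, 2 if a path cannot be resolved.
world_traversable() {
    wt_dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    wt_stop=$(cd "${2:-/}" 2>/dev/null && pwd -P) || return 2
    while :; do
        [ -n "$(find "$wt_dir" -maxdepth 0 -perm -0001)" ] || return 1
        if [ "$wt_dir" = "$wt_stop" ] || [ "$wt_dir" = "/" ]; then
            return 0
        fi
        wt_dir=$(dirname "$wt_dir")
    done
}

# Exit status: 0 = no world-writable admin files,
#              1 = present, but an enclosing directory blocks "other",
#              2 = present and reachable by any local user.
audit_cvs_repo() {
    ac_files=$(world_writable_admin_files "$1")
    if [ -z "$ac_files" ]; then
        echo "OK: no world-writable files in $1/CVSROOT"
        return 0
    fi
    echo "$ac_files" | sed 's/^/world-writable: /'
    if world_traversable "$1/CVSROOT" "${2:-/}"; then
        echo "EXPOSED: every enclosing directory is world-traversable"
        return 2
    fi
    echo "SHIELDED: an enclosing directory denies world traversal"
    return 1
}
```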
