I cant get access to the repository after following your suggestions. I think I got it the way you described it. I can login to the server ok, but when I try to checkout a module it says: "setgid failed: operation not permitted". I have the modules owned by their respective user:group and have done a "chmod 2770 <module>". What have I missed?
Regards from Olav! Douglas Finkle wrote: >>On Thu, Jan 24, 2002 at 05:44:51PM +0100, Olav Lindkj�len wrote: >> >>>In short: >>>---(Admin) must have read/write access to all modules. >>>---Users from Company B must have read/write access only to >>> >>modules with >> >>>code owned by them. >>>---Users from Company B must allso have Read Only Access to >>> >>public code. >> >>>---Users from Company C must have read/write access only to >>> >>modules with >> >>>code owned by them. >>>---Users from Company C must allso have Read Only Access to >>> >>public code. >> >>>Is there a way to solve this? (cvs user/passwords, file >>> >>permissions...?) >> >>- Create a UNIX group for each of the companies. >>- Put each company's modules in the correct per-company group. >>- Put the company's user account(s) into that group, but NOT into >> the "cvs" group. >>- Put yourself in all of the per-company groups, AND in "cvs". >>- Set everybody's umask to 2, i.e. files and directories will be >> world-readable, and group-writable. >> > > > Close, but I do not completely agree: > > - Admin group cvs-- nobody else, create an unpriviledged admin role user cvs > - Set (almost, see next line) all files under $CVSROOT/CVSROOT to cvs:cvs > - set $CVSROOT to cvs:public 0750, $CVSROOT/history, val-tags to 0660 > cvs:public > - Each company has a separate, unique group > - Each company requiring access to "public" modules also be in the same > public group > - Set the group sticky bit on for each module, according to public/private > rules, > that is 2770 for the (private) group. > - Users can change their own umask, but if you force it, do so to 027 > - Set up the readers and writers acl's-- assuming you're using v1.10.8 or > higher. > This will enable you to allow read-only checkouts of the public module(s). > See cvs_acls.pl in the contrib section of the sources for this. > - DO NOT use pserver-- under any circumstances as it's not safe. > > Disclaimer: I think this is all... > > _______________________________________________ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > > > > _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
