-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeremy Huntwork wrote: > Matthew Burgess wrote: > >> Jeremy Huntwork wrote: >> >>> Randy would need to be added to the svnwww and lfswww groups. >> >> >> >> Is lfswww still being used for website stuff? If so I'd rather it die >> a quick death by having any scripts or other files to be owned by >> svnwww instead. > > > Yes, I believe it's still being used. And I think there was a reason for > having the two groups, too. Anderson probably knows more about this though.
Yes, the lfswww group is still needed (and it needs to be synced everytime commits privileges are given to someone). Reason: the website update script (used on post-commit SVN hooks on most [every?] project repositories) requires write privileges to the /home/httpd/www.linuxfromscratch.org directory (mostly to update svn commit logs, hints and patches). Since the svn post-commit script runs as the user doing the commit, every user with commit privileges needs to have write permissions to /home/httpd/www.linuxfromscratch.org. The following configurations are possible (at least these are the ones I thought of; suggestions are welcome): 1) chgrp and chmod the relevant files on /home/httpd/www.linuxfromscratch.org for each svn group so commit users are able to only touch the website contents of the project they belong to. 2) Use e.g. sudo to run the script with the desired permissions (svn:svnwww), and limit sudo usage for that script to only the svn* groups. 3) chgrp /home/httpd/www.linuxfromscratch.org to "lfswww" and add everyone on the svn* groups to the lfswww group too. At the time I did the implementation, I opted for (3) as it seemed the simplest setup; (1) is hard to maintain and requires all everyone on the svnwww group to be on all other svn* groups (so we are free to change the entire site and fix/update permissions); and for (2), sudo is currently not installed on belgarath, and I'm not sure if it will actually work as I've not tested it. About chgrp'ing the scripts to svnwww, it's a good idea and should be done (IMHO). - -- Anderson Lizardo [EMAIL PROTECTED] http://www.linuxfromscratch.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFDL3g9kzNmn+NRHHoRAkCpAJ42uq094rgEOOzTWj/xm8UY+rsvowCgjKIQ tZ4tt/QJcLrFYeFy21Ige2w= =ytZu -----END PGP SIGNATURE----- _______________________________________________________ Novo Yahoo! Messenger com voz: ligações, Yahoo! Avatars, novos emoticons e muito mais. Instale agora! www.yahoo.com.br/messenger/ -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
