[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: WC permissions

From: Philip Martin <philip_at_codematters.co.uk>
Date: 2003-12-10 02:24:43 CET

Branko ÄŒibej <brane@xbc.nu> writes:

> Ryan Hunt wrote:
>
>> On Dec 9, 2003, at 12:15 PM, y2w2de9j001@sneakemail.com wrote:
>>>
>>> What are the fundamental problems with allowing more than two people
>>> from working within the same WC, other than that svn is chmod'ing
>>> files that it might not need to, then failing with EPERM?
>>
>> I would like to know this too as it is becoming more and more
>> essential that all users of my repository use the same WC.
>
> The only way I know to do this on Unix (if your filesystem doesn't have
> inheritable ACLs) is to put all your users into the same group (doesn't
> have to be the primary group), use umask 002 and set the sticky-group
> bit on the directories in the subversion WC.

On my system chmod(2) says

 "The effective UID of the process must be zero or must match the
  owner of the file."

so the sticky bit does not appear to solve the shared working copy
problem. It does solve the shared repository problem.

One way to solve the shared working copy problem is to have a
dedicated svn user and use a setuid client so that all the Subversion
commands are run as the same user. Now, a setuid svn client
effectively provides shell access, so you may want a setuid wrapper
that checks for appropriate conditions (having a suitable user and/or
group ID say) before invoking the normal client.

-- 
Philip Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Dec 10 02:26:01 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.