Re: [Savannah-hackers-public] Did the permissions on CVS lock files change?

Thu, 12 May 2016 01:55:59 -0700 

Bob Proulx wrote:
> Karl wrote:
> > As I recall, there is some ACL or other magic allowing members of group
> > www (like you) to commit to other repositories?  Unfortunately I'm not
> > able to find the information now.  It is certainly plausible that
> > such stuff was lost in the migration (not intentionally/knowingly).
> 
> Your memory is probably correct.  Because I can see no other way for
> people not in the project group to be able to access those files.

I find these entries in the ChangeLog file.  Almost exactly ten years ago!

2006-06-28  Beuc

        * Fixed that in Cvs.pm as well

        * /web/*/CVSROOT/history is now writable by project 'www' members
        -- perl -MSavane -e 'print join("\n", GetGroupList("(type=1 or
        type=3 or type=6) and status=\"A\"", "unix_group_name"))' | while
        read i; do setfacl -m group:www:rw $i/CVSROOT/history; done

2006-05-10  Beuc

        * CVS locks are now in /var/lock/cvs/(sources|web)/$project
        instead of previous /var/lock/cvs/(web)?$project

        (cd /sources/; ls; cd /web/; ls) | sort | uniq | xargs -n1 \
        ./generate_config.sh

        (also edited Cvs.pm and /etc/init.d/subsystem-cvs)

        * Allowing group 'www' to edit GNU projects' webpages: switched
        from the webgroup model to ACLs:

        perl -MSavane -e 'print join("\n", GetGroupList("(type=1 or type=3
        or type=6) and status=\"A\"","unix_group_name"))' | while read i;
        do find $i/$i -type d -print0 | xargs -0 setfacl -m
        default:group:www:rwx -m group:www:rwx; done

        find -maxdepth 1 -type d | sed -r 's,^./,,' | while read i; do
        find $i -group web$i -print0 | xargs -0 chgrp $i; done

        perl -MSavane -e 'print join("\n",
        GetGroupList("status=\"A\"","unix_group_name"))' | while read
        group; do groupdel web$group; done # groupdel is sloooow

        (also edited Cvs.pm)

        Now unused: /usr/src/infra/sv_update_webgroups.pl

2005-08-10  baughj

        * Installed an updated 2.6.8.1-dl380 kernel image which has support
        for ext2/3 ACL's.

Regardless it will need a reboot in order to activate the "acl" mount
option and that will need an FSF admin to safely accomplish.  That
must wait until they come online tomorrow morning.

Bob

Reply via email to