Re: cvs permissions

2001-09-19 Thread Danie Roux
On Mon, Jul 23, 2001 at 05:50:19PM +0200, Martin F. Krafft wrote:

...
> so i would like to change configuration remotely, and currently, i
> rsync the /etc trees to a local directory, update, then rsync back.
> however, this requires a lot of discipline, and is not a viable method
> with multiple maintainers.
>
> CVS is pretty much exactly what i am looking for. i would love to
> create a CVS repository each for every one of the remote machines.
> then everyone could checkout and commit, and a cron job on the actual
> remote machine could bring the local /etc up to date with the CVS
> repository every 4 hours or so.
>
...
> is this possible, and if yes, how?
>
> martin;  (greetings from the heart of the sun.)
>   \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

Sounds like you want cvsup. Uses rsync and CVS. Even promises that it can
do device inodes and hard links.

-- 
Danie Roux *shuffle* Adore Unix



Re: cvs permissions

2001-07-28 Thread Osamu Aoki
Hi, interesting ideas.  I thought about it ...

On Thu, Jul 26, 2001 at 04:46:25PM -0400, Joey Hess wrote:
> Martin F. Krafft wrote:
> > okay, with the preserve option i have succeeded at preserving the file
> > permissions
...
> I'm not sure if the preserve option works with remote cvs checkouts btw.
> Recommend looking in the cvs info page.

Info says No:

   The `PreservePermissions' features do not work with client/server
CVS.  Another limitation is that hard links must be to other files
within the same directory; hard links across directories are not
supported.

(This may be for pserver.  I do not know if ssh is used)

Also I just experimented. I can import /etc into CVS by root but I can
not even ci as root locally:

[EMAIL PROTECTED]:/etc# cvs ci
cvs [commit aborted]: cannot commit files as 'root'

Well, it does not look easy.
-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ 
+  Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D  +
+  My debian quick-reference, http://www.aokiconsulting.com/quick/+



Re: cvs permissions

2001-07-27 Thread dman
On Mon, Jul 23, 2001 at 05:50:19PM +0200, Martin F. Krafft wrote:
| i/we operate a number of remote servers, and sometimes, configuration
| is impossible because of slow links; then, vi takes 10 seconds to
| start, and a keystroke is echoed in 5... unacceptable.
| 
| so i would like to change configuration remotely, and currently, i
| rsync the /etc trees to a local directory, update, then rsync back.
| however, this requires a lot of discipline, and is not a viable method
| with multiple maintainers.
| 
| CVS is pretty much exactly what i am looking for. i would love to
| create a CVS repository each for every one of the remote machines.
| then everyone could checkout and commit, and a cron job on the actual
| remote machine could bring the local /etc up to date with the CVS
| repository every 4 hours or so.

CVS is designed for concurrent development -- you don't checkout
files, you just modify and then merge your changes with someone else's
concurrent changes.  Perhaps you could use RCS (because with RCS you
checkout/lock files) on the remote system and rsync between the
checkout directory on the remote system and a temp directory on your
local system.  This would prevent people from simultaneously making
changes to files.

Vim 6 has support for remote editing of files, so if you want to try
that it may help too.

-D



Re: cvs permissions

2001-07-27 Thread Nathan E Norman
On Fri, Jul 27, 2001 at 02:14:07PM -0400, dman wrote:
> On Mon, Jul 23, 2001 at 05:50:19PM +0200, Martin F. Krafft wrote:
> | CVS is pretty much exactly what i am looking for. i would love to
> | create a CVS repository each for every one of the remote machines.
> | then everyone could checkout and commit, and a cron job on the actual
> | remote machine could bring the local /etc up to date with the CVS
> | repository every 4 hours or so.
>
> CVS is designed for concurrent development -- you don't checkout
> files, you just modify and then merge your changes with someone else's
> concurrent changes.

Hmm ... so what's cvs edit for? :)

> Perhaps you could use RCS (because with RCS you
> checkout/lock files) on the remote system and rsync between the
> checkout directory on the remote system and a temp directory on your
> local system.  This would prevent people from simultaneously making
> changes to files.

RCS works well when you have good access to the machine in question.
Sounds like that's part of the problem in Martin's case.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]   |   -- Patton




Re: cvs permissions

2001-07-27 Thread Joey Hess
Martin F. Krafft wrote:
> okay, with the preserve option i have succeeded at preserving the file
> permissions

If you get /etc-in-cvs to fully work, I'd really like to see a
mini-howto detailing what you did. I use cvs for my home directory (and
it's quite cool to walk up to a box you last used 1 year ago, type cvs
up  sudo apt-get dist-upgrade and get your complete environment synced
up), and have always wanted to use it for /etc, but there are so many
problems I've never gotten there.

I'm not sure if the preserve option works with remote cvs checkouts btw.
Recommend looking in the cvs info page.

-- 
see shy jo



Re: cvs permissions

2001-07-24 Thread Danie Roux
On Mon, Jul 23, 2001 at 05:50:19PM +0200, Martin F. Krafft wrote:

...
> so i would like to change configuration remotely, and currently, i
> rsync the /etc trees to a local directory, update, then rsync back.
> however, this requires a lot of discipline, and is not a viable method
> with multiple maintainers.
>
> CVS is pretty much exactly what i am looking for. i would love to
> create a CVS repository each for every one of the remote machines.
> then everyone could checkout and commit, and a cron job on the actual
> remote machine could bring the local /etc up to date with the CVS
> repository every 4 hours or so.
>
...
> is this possible, and if yes, how?
>
> martin;  (greetings from the heart of the sun.)
>   \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

Sounds like you want cvsup. Uses rsync and CVS. Even promises that it can
do device inodes and hard links.

-- 
Danie Roux *shuffle* Adore Unix



Re: cvs permissions

2001-07-24 Thread Martin F. Krafft
also sprach Danie Roux (on Tue, 24 Jul 2001 08:28:59AM +0200):
> Sounds like you want cvsup. Uses rsync and CVS. Even promises that
> it can do device inodes and hard links.

i have been playing around with cvsup now after you said it, but i am
not getting lucky. the files are still created with UMASK permissions,
which is essentially the same as CVS. plus, i haven't been able to
figure out how to use cvsup to update the remote repository. in fact,
i can't see any differences - other than syntax - between cvsup and
cvs.

maybe someone can help me out or point me somewhere for help.

martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
-- 
never underestimate the power of human stupidity.




Re: cvs permissions

2001-07-24 Thread Martin F. Krafft
also sprach Martin F. Krafft (on Tue, 24 Jul 2001 12:23:39PM +0200):
> i have been playing around with cvsup now after you said it, but i am
> not getting lucky. the files are still created with UMASK permissions,
> which is essentially the same as CVS. plus, i haven't been able to
> figure out how to use cvsup to update the remote repository. in fact,
> i can't see any differences - other than syntax - between cvsup and
> cvs.

okay, with the preserve option i have succeeded at preserving the file
permissions - but i seem to be unable to update the remote repository
with local changes... if i change something locally, it gets
overwritten by the next cvsup run. what can i do?

martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
-- 
1-800-psych 
hello, welcome to the psychiatric hotline. 
if you are depressed, it doesn't matter which number you press. no one
will answer. 




cvs permissions

2001-07-23 Thread Martin F. Krafft
i/we operate a number of remote servers, and sometimes, configuration
is impossible because of slow links; then, vi takes 10 seconds to
start, and a keystroke is echoed in 5... unacceptable.

so i would like to change configuration remotely, and currently, i
rsync the /etc trees to a local directory, update, then rsync back.
however, this requires a lot of discipline, and is not a viable method
with multiple maintainers.

CVS is pretty much exactly what i am looking for. i would love to
create a CVS repository each for every one of the remote machines.
then everyone could checkout and commit, and a cron job on the actual
remote machine could bring the local /etc up to date with the CVS
repository every 4 hours or so.

my problem is that CVS doesn't care about permissions as RCS does.
specifically, CVS creates files locally with $CVS_UMASK permissions,
which is fine for the local checkout, but which will destroy the
security of the remote system, since some files in /etc have to be
0644 while others *should* be 0600. i don't want to use suidmanager or
a separate cron job to update the permissions, because that'll create
holes. i want the files, if checked out of the repository, to be
created immediately with specific permissions - the permissions that
the file had when it was checked in.

is this possible, and if yes, how?

martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
-- 
in contrast to the what-you-see-is-what-you-get philosophy,
 unix is the you-asked-for-it,-you-got-it operating system.
   --scott lee



Re: cvs permissions

2001-07-23 Thread Martin F. Krafft
also sprach Andrew Agno (on Mon, 23 Jul 2001 12:55:21PM -0700):
> Why don't you create a group who does have write access to the /etc
> files?

because that wouldn't fix my problem, and because it would create more
problems. take these two files:

fishbowl:~ ls -l /etc/{passwd,wvdial.conf}
-rw-r--r--    1 root     root         1249 Jul  7 21:46 /etc/passwd
-rw-r-----    1 root     dialout       191 Jun 14 16:02 /etc/wvdial.conf

if i cvs checked these out, they'd both be root.root and both have
either 0644 or 0640 permissions, because the cvs checkout creates
these files within /etc according to $CVSUMASK - i.e. all files the
same permissions. clearly, that's not appropriate for /etc/*.

martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
-- 
give me ambiguity or give me something else.




Re: cvs permissions

2001-07-23 Thread Andrew Agno
Oh, and look under the CVS repository for CVSROOT/config.  There's an
option called PreservePermissions.  Not sure how buggy that option
is (see a google search).

Andrew.



Re: cvs permissions

2001-07-23 Thread Martin F. Krafft
also sprach Andrew Agno (on Mon, 23 Jul 2001 02:52:26PM -0700):
> Oh, and look under the CVS repository for CVSROOT/config.  There's an
> option called PreservePermissions.  Not sure how buggy that option
> is (see a google search).

that's good, but it's disabled in 1.11, which is what woody uses
these days (and supposedly pretty buggy in 1.10) - i.e. not good for a
production system.

thanks though!

martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
-- 
no problem is so formidable
 that you can't just walk away from it.
  -- c. schulz




Re: cvs permissions

2001-07-23 Thread Osamu Aoki
On Mon, Jul 23, 2001 at 10:07:19PM +0200, Martin F. Krafft wrote:
 
> if i cvs checked these out, they'd both be root.root and both have
> either 0644 or 0640 permissions, because the cvs checkout creates
> these files within /etc according to $CVSUMASK - i.e. all files the
> same permissions. clearly, that's not appropriate for /etc/*.

I think CVS can run scripts upon ci/co.  Write small scripts which correct
and record permissions.  Keep those permission records in a root:root 600
file.

That's an idea I thought about but have never done yet.

If you write or find it on the web, let me know. :-)

Osamu
-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ 
+  Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D  +
+  My debian quick-reference, http://www.aokiconsulting.com/quick/+



Re: cvs permissions

2001-07-23 Thread Andrew Agno
Martin F. Krafft writes:
 > also sprach Andrew Agno (on Mon, 23 Jul 2001 12:55:21PM -0700):
 > > Why don't you create a group who does have write access to the /etc
 > > files?
 >
 > because that wouldn't fix my problem, and because it would create more
 > problems. take these two files:

Ah, of course.  Well, you could get around it by checking it out in
some temporary, root only (or whatever user/group), then using some
script to change the permissions there, then move the files to the
correct places.

Andrew.
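
The two suggestions above (keep a root-only record of permissions, and check out into a private staging directory before moving files into place) combined into one sketch. This is an added example, not code from any poster in this thread; it assumes GNU find and stat, and the manifest format and the function names record_perms and apply_perms are made up for illustration.

```shell
#!/bin/sh
# Added example. Manifest line format (an assumption of this sketch):
#   MODE OWNER GROUP ./relative/path
# Requires GNU find and stat.

# record_perms TREE MANIFEST  (MANIFEST must be an absolute path)
# Run as root on the live tree; the manifest is created 0600.
record_perms() (
    umask 077
    cd "$1" || exit 1
    find . -type f ! -path '*/CVS/*' -exec stat -c '%a %U %G %n' {} + |
        sort -k4 > "$2"
)

# apply_perms STAGING MANIFEST DEST
# STAGING is a private (0700) directory holding the fresh checkout.
# Each file is copied to a temporary name under umask 077, given its
# recorded owner and mode, and only then renamed over the live file, so
# it is never visible in DEST with checkout (umask) permissions.
# Files missing from the manifest are not installed.
apply_perms() (
    staging=$1 manifest=$2 dest=$3
    umask 077
    while read -r mode owner group path; do
        case $mode in ''|*[!0-7]*) echo "bad mode: $mode" >&2; exit 1 ;; esac
        case $path in /*|..|../*|*/../*|*/..)
            echo "unsafe path: $path" >&2; exit 1 ;; esac
        [ -f "$staging/$path" ] || continue
        mkdir -p "$dest/$(dirname "$path")"   # new directories are 0700
        tmp="$dest/$path.new.$$"
        cp "$staging/$path" "$tmp"
        # chown before chmod: chown can clear setuid/setgid bits
        if [ "$(id -u)" -eq 0 ]; then chown "$owner:$group" "$tmp"; fi
        chmod "$mode" "$tmp"
        mv -f "$tmp" "$dest/$path"
    done < "$manifest"
)
```

A cron job on the remote machine would run the checkout or update inside the staging directory and then call apply_perms with /etc as DEST; record_perms is rerun whenever a file's intended mode or owner changes.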



Re: cvs permissions

2001-07-23 Thread Martin F. Krafft
also sprach Osamu Aoki (on Mon, 23 Jul 2001 03:18:00PM -0700):
> I think CVS can run scripts upon ci/co.  Write small scripts which correct
> and record permissions.  Keep those permission records in a root:root 600
> file.

that is an option, but it's *way* too much work, which i don't have.

i wonder if there is a tool that does this... maybe i have to write
one... that time i might be able to find for the debian project...

martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
-- 
printer not ready.
could be a fatal error.
have a pen handy?

