Re: cvs permissions
On Mon, Jul 23, 2001 at 05:50:19PM +0200, Martin F. Krafft wrote:
> ...
> so i would like to change configuration remotely, and currently, i rsync the /etc trees to a local directory, update, then rsync back. however, this requires a lot of discipline, and is not a viable method with multiple maintainers.
>
> CVS is pretty much exactly what i am looking for. i would love to create a CVS repository each for every one of the remote machines. then everyone could checkout and commit, and a cron job on the actual remote machine could bring the local /etc up to date with the CVS repository every 4 hours or so.
> ...
> is this possible, and if yes, how?
>
> martin; (greetings from the heart of the sun.)
> \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

Sounds like you want cvsup. Uses rsync and CVS. Even promises that it can do device inodes and hard links.

--
Danie Roux *shuffle* Adore Unix
Re: cvs permissions
Hi, interesting ideas. I thought about it ...

On Thu, Jul 26, 2001 at 04:46:25PM -0400, Joey Hess wrote:
> Martin F. Krafft wrote:
> > okay, with the preserve option i have succeeded at preserving the file permissions
> ...
> I'm not sure if the preserve option works with remote cvs checkouts btw. Recommend looking in the cvs info page.

Info says No:

    The `PreservePermissions' features do not work with client/server CVS. Another limitation is that hard links must be to other files within the same directory; hard links across directories are not supported.

(This may be for pserver. I do not know if ssh is used)

Also I just experimented. I can import /etc into CVS by root but I can not even ci as root locally:

    [EMAIL PROTECTED]:/etc# cvs ci
    cvs [commit aborted]: cannot commit files as 'root'

Well, it does not look easy.

--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://www.aokiconsulting.com/quick/ +
Re: cvs permissions
On Mon, Jul 23, 2001 at 05:50:19PM +0200, Martin F. Krafft wrote:
| i/we operate a number of remote servers, and sometimes, configuration
| is impossible because of slow links; then, vi takes 10 seconds to
| start, and a keystroke is echoed in 5... unacceptable.
|
| so i would like to change configuration remotely, and currently, i
| rsync the /etc trees to a local directory, update, then rsync back.
| however, this requires a lot of discipline, and is not a viable method
| with multiple maintainers.
|
| CVS is pretty much exactly what i am looking for. i would love to
| create a CVS repository each for every one of the remote machines.
| then everyone could checkout and commit, and a cron job on the actual
| remote machine could bring the local /etc up to date with the CVS
| repository every 4 hours or so.

CVS is designed for concurrent development -- you don't checkout files, you just modify and then merge your changes with someone else's concurrent changes.

Perhaps you could use RCS (because with RCS you checkout/lock files) on the remote system and rsync between the checkout directory on the remote system and a temp directory on your local system. This would prevent people from simultaneously making changes to files.

Vim 6 has support for remote editing of files, so if you want to try that it may help too.

-D
Re: cvs permissions
On Fri, Jul 27, 2001 at 02:14:07PM -0400, dman wrote:
> On Mon, Jul 23, 2001 at 05:50:19PM +0200, Martin F. Krafft wrote:
> | CVS is pretty much exactly what i am looking for. i would love to
> | create a CVS repository each for every one of the remote machines.
> | then everyone could checkout and commit, and a cron job on the actual
> | remote machine could bring the local /etc up to date with the CVS
> | repository every 4 hours or so.
>
> CVS is designed for concurrent development -- you don't checkout files, you just modify and then merge your changes with someone else's concurrent changes.

Hmm ... so what's cvs edit for? :)

> Perhaps you could use RCS (because with RCS you checkout/lock files) on the remote system and rsync between the checkout directory on the remote system and a temp directory on your local system. This would prevent people from simultaneously making changes to files.

RCS works well when you have good access to the machine in question. Sounds like that's part of the problem in Martin's case.

--
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd.                 | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]       |   -- Patton
Re: cvs permissions
Martin F. Krafft wrote:
> okay, with the preserve option i have succeeded at preserving the file permissions

If you get /etc-in-cvs to fully work, I'd really like to see a mini-howto detailing what you did. I use cvs for my home directory (and it's quite cool to walk up to a box you last used 1 year ago, type cvs up sudo apt-get dist-upgrade and get your complete environment synced up), and have always wanted to use it for /etc, but there are so many problems I've never gotten there.

I'm not sure if the preserve option works with remote cvs checkouts btw. Recommend looking in the cvs info page.

--
see shy jo
Re: cvs permissions
also sprach Danie Roux (on Tue, 24 Jul 2001 08:28:59AM +0200):
> Sounds like you want cvsup. Uses rsync and CVS. Even promises that it can do device inodes and hard links.

i have been playing around with cvsup now after you said it, but i am not getting lucky. the files are still created with UMASK permissions, which is essentially the same as CVS. plus, i haven't been able to figure out how to use cvsup to update the remote repository. in fact, i can't see any differences - other than syntax - between cvsup and cvs.

maybe someone can help me out or point me somewhere for help.

martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
--
never underestimate the power of human stupidity.
Re: cvs permissions
also sprach Martin F. Krafft (on Tue, 24 Jul 2001 12:23:39PM +0200):
> i have been playing around with cvsup now after you said it, but i am not getting lucky. the files are still created with UMASK permissions, which is essentially the same as CVS. plus, i haven't been able to figure out how to use cvsup to update the remote repository. in fact, i can't see any differences - other than syntax - between cvsup and cvs.

okay, with the preserve option i have succeeded at preserving the file permissions - but i seem to be unable to update the remote repository with local changes... if i change something locally, it gets overwritten by the next cvsup run.

what can i do?

martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
--
1-800-psych
hello, welcome to the psychiatric hotline. if you are depressed, it doesn't matter which number you press. no one will answer.
cvs permissions
i/we operate a number of remote servers, and sometimes, configuration is impossible because of slow links; then, vi takes 10 seconds to start, and a keystroke is echoed in 5... unacceptable.

so i would like to change configuration remotely, and currently, i rsync the /etc trees to a local directory, update, then rsync back. however, this requires a lot of discipline, and is not a viable method with multiple maintainers.

CVS is pretty much exactly what i am looking for. i would love to create a CVS repository each for every one of the remote machines. then everyone could checkout and commit, and a cron job on the actual remote machine could bring the local /etc up to date with the CVS repository every 4 hours or so.

my problem is that CVS doesn't care about permissions as RCS does. specifically, CVS creates files locally with $CVS_UMASK permissions, which is fine for the local checkout, but which will destroy the security of the remote system, since some files in /etc have to be 0644 while others *should* be 0600.

i don't want to use suidmanager or a separate cron job to update the permissions, because that'll create holes. i want the files, if checked out of the repository, to be created immediately with specific permissions - the permissions that the file had when it was checked in.

is this possible, and if yes, how?

martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
--
in contrast to the what-you-see-is-what-you-get philosophy, unix is the you-asked-for-it,-you-got-it operating system.
--scott lee
Re: cvs permissions
also sprach Andrew Agno (on Mon, 23 Jul 2001 12:55:21PM -0700):
> Why don't you create a group who does have write access to the /etc files?

because that wouldn't fix my problem, and because it would create more problems. take these two files:

    fishbowl:~ ls -l /etc/{passwd,wvdial.conf}
    -rw-r--r--1 root root 1249 Jul 7 21:46 /etc/passwd
    -rw-r-1 root dialout 191 Jun 14 16:02 /etc/wvdial.conf

if i cvs checked these out, they'd both be root.root and both have either 0644 or 0640 permissions, because the cvs checkout creates these files within /etc according to $CVSUMASK - i.e. all files the same permissions. clearly, that's not appropriate for /etc/*.

martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
--
give me ambiguity or give me something else.
Re: cvs permissions
Oh, and look under the CVS repository for CVSROOT/config. There's an option called PreservePermissions. Not sure how buggy that option is (see a google search).

Andrew.
Re: cvs permissions
also sprach Andrew Agno (on Mon, 23 Jul 2001 02:52:26PM -0700):
> Oh, and look under the CVS repository for CVSROOT/config. There's an option called PreservePermissions. Not sure how buggy that option is (see a google search).

that's good, but it's disabled in 1.11, which is what woody uses these days (and supposedly pretty buggy in 1.10) - i.e. not good for a production system.

thanks though!

martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
--
no problem is so formidable that you can't just walk away from it.
-- c. schulz
Re: cvs permissions
On Mon, Jul 23, 2001 at 10:07:19PM +0200, Martin F. Krafft wrote:
> if i cvs checked these out, they'd both be root.root and both have either 0644 or 0640 permissions, because the cvs checkout creates these files within /etc according to $CVSUMASK - i.e. all files the same permissions. clearly, that's not appropriate for /etc/*.

I think CVS can run scripts upon ci/co. Write small scripts which correct and record permission. Keep those permission record in root:root 600 file.

That's an idea I thought about but never done it yet. If you write or find it on the web, let me know. :-)

Osamu
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://www.aokiconsulting.com/quick/ +
Re: cvs permissions
Martin F. Krafft writes:
> also sprach Andrew Agno (on Mon, 23 Jul 2001 12:55:21PM -0700):
> > Why don't you create a group who does have write access to the /etc files?
>
> because that wouldn't fix my problem, and because it would create more problems. take these two files:

Ah, of course. Well, you could get around it by checking it out in some temporary, root only (or whatever user/group), then using some script to change the permissions there, then move the files to the correct places.

Andrew.
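
One way to combine the two suggestions above (a root-only record of permissions, and a private staging checkout whose files are fixed up before being moved into place), as an added example that is not code from anyone in this thread. The function names and the manifest format are made up for illustration, and GNU stat -c and mktemp are assumed.

```shell
#!/bin/sh
# Added example (constructed): restore per-file modes around a CVS checkout.
# Manifest line format, chosen for this example: "<mode> <owner> <group> <path>"

# record_perms LIVE_DIR MANIFEST
# Snapshot mode/owner/group of every file under LIVE_DIR, skipping CVS/ metadata.
record_perms() {
    # The manifest itself is kept 0600, as suggested in the thread.
    ( umask 077; : > "$2" ) && chmod 600 "$2" || return 1
    ( cd "$1" && find . -type f ! -path '*/CVS/*' \
          -exec stat -c '%a %U %G %n' {} + ) | sort -k4 > "$2"
}

# deploy_tree STAGE_DIR MANIFEST DEST_DIR
# Install each file listed in MANIFEST from a private checkout (STAGE_DIR)
# into DEST_DIR. A file that is not listed in the manifest is not installed.
deploy_tree() {
    stage=$1 manifest=$2 dest=$3
    (
        umask 077    # every temp file starts life as 0600
        while read -r mode owner group path; do
            [ -f "$stage/$path" ] || continue
            # Temp file in the target directory, so the final mv is a rename.
            # The target directory must already exist.
            tmp=$(mktemp "$dest/$(dirname "$path")/.deploy.XXXXXX") || exit 1
            cat "$stage/$path" > "$tmp" || exit 1
            # Ownership first, while the file is still 0600; only root can chown.
            if [ "$(id -u)" -eq 0 ]; then
                chown "$owner:$group" "$tmp" || exit 1
            fi
            chmod "$mode" "$tmp" || exit 1
            # The file appears under its real name already carrying its
            # recorded mode, so a 0600 file is never readable by others.
            mv -f "$tmp" "$dest/$path" || exit 1
        done < "$manifest"
    )
}
```

In the setup described in this thread, the cron job would check out into a root-only staging directory and then call deploy_tree with /etc as the destination; file names containing newlines are not handled.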
Re: cvs permissions
also sprach Osamu Aoki (on Mon, 23 Jul 2001 03:18:00PM -0700):
> I think CVS can run scripts upon ci/co. Write small scripts which correct and record permission. Keep those permission record in root:root 600 file.

that is an option, but it's *way* too much work, which i don't have. i wonder if there is a tool that does this... maybe i have to write one... that time i might be able to find for the debian project...

martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
--
printer not ready. could be a fatal error. have a pen handy?