[darcs-users] Multi-user permissions

Michael Conrad conradme at email.uc.edu
Sat Oct 23 02:33:50 UTC 2004


> > You could always add group read to your umask in .bashrc (or equivalent),
> > which doesn't seem like much of a security compromise, and not much effort
> > either.  (of course, it's less of an issue on BSD where each user has their
> > own group)  You could also play with the sticky bit and directory-suid bit.
> >
>
> How would group read be sufficient? If we're sharing a repo, and someone
> creates a new file, doesn't darcs want to write to that file when
> someone else commits changes to it?

Aah, I skipped a step in my explanation.  I was also going to suggest that
you make the repo writable and the patches directory sticky.  Then users
could drop patches, but not write to each other's patches, and not delete them
either (due to permissions and sticky bit).  The repo itself could be
writable, and just ignore its contents.

However, I also skipped a step in my thinking.  I forgot that darcs keeps a
"current" copy of the repo in the _darcs directory, and would need to modify
all those files.  So yeah, the idea is somewhat broken.

I think the mail server / PGP sig / test case script was a rather brilliant
design (to avoid the whole user/password database and secure connection
problems that plague CVS).  Maybe, to avoid the mail server configuration,
you could have your users do a darcs send -o and drop the resulting file
into a "dropbox" directory in the official repo.  You could then let them
run "sudo darcs_apply.sh" and perform any other steps you want (like test
cases, etc).

You could also put the -o in the users' prefs, so they didn't have to type
it every time.

-Mike

(and OT, my Gentoo installation defaulted to using "users" as the default
group, rather than creating a new group for each)
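
The dropbox arrangement suggested in the message above, as an added sketch that is not part of the original post or of darcs: a sticky, group-writable drop directory plus the vetting a privileged wrapper such as the poster's "darcs_apply.sh" could do before reading a dropped bundle. The function names, the 1770 mode and the separate staging directory are assumptions made for this example.

```shell
#!/bin/sh
# Added sketch. Directory names and modes are assumptions, not from the post.

# Drop directory: group members can create files; the sticky bit stops them
# deleting or renaming files they do not own. No access for others.
make_dropbox() {
    mkdir -p "$1" && chmod 1770 "$1"
}

# True only for a real directory that is sticky and not world-writable.
dropbox_ok() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        d???????-[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# Move one dropped bundle into a staging directory that only the privileged
# script can write, then vet it there, so the submitter cannot swap the file
# between the check and the apply.
stage_patch() {   # usage: stage_patch DROPBOX NAME STAGING
    case "$2" in
        ''|*/*|.*) return 1 ;;              # bare file names only, no dotfiles
    esac
    dropbox_ok "$1" || return 1
    mv -- "$1/$2" "$3/$2" 2>/dev/null || return 1
    if [ -L "$3/$2" ] || [ ! -f "$3/$2" ] || [ ! -s "$3/$2" ]; then
        rm -rf -- "$3/$2"                   # symlink, non-file or empty: discard
        return 1
    fi
    return 0
}
```

A wrapper would call `stage_patch` for each name in the drop directory and hand only the staged copies to darcs, together with whatever signature and test-case steps the site wants.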




