I administer a CVS server (CVS 1.11.23 on CentOS 6.9, with SELinux disabled).
I set the setgid bit on all repository directories, as this page suggests, so that new files and directories are owned by the cvs
group, regardless of who commits them:
$ ls -al
drwxrwsr-x+ 407 root cvs 20480 Jun 19 05:34 .
drwxr-xr-x. 5 cvs cvs 4096 Nov 11 2014 ..
drwxrwsr-x+ 3 cvs cvs 4096 Aug 18 16:07 CVSROOT
drwxrwsr-x+ 20 cvs cvs 4096 Aug 18 16:00 test
But starting recently, when someone commits, new directories are being created without the setgid bit (note the "x" instead of "s" in the last line):
$ ls -al test
drwxrwsr-x+ 20 cvs cvs 4096 Aug 18 16:00 .
drwxrwsr-x+ 407 root cvs 20480 Jun 19 05:34 ..
drwxrwxr-x+ 2 jw cvs 4096 Aug 18 15:51 foo
As a result, files added inside those directories aren't owned by the cvs
group, which leads to permission errors later on.
This happens with both the command-line CVS client, and Eclipse's client, using pserver and extssh connection methods.
What could cause it to ignore the setgid bit?
I tried adding a commitinfo script to print some information about the user doing the commit. It shows nothing unusual; the umask is 0022, so that shouldn't affect things.