0

I administer a CVS server (CVS 1.11.23 on CentOS 6.9, with SELinux disabled).

I set the setgid bit on all repository directories, as this page suggests, so that new files and directories are owned by the cvs group, regardless of who commits them:

$ ls -al
drwxrwsr-x+ 407 root       cvs    20480 Jun 19 05:34 .
drwxr-xr-x.   5 cvs        cvs     4096 Nov 11  2014 ..
drwxrwsr-x+   3 cvs        cvs     4096 Aug 18 16:07 CVSROOT
drwxrwsr-x+  20 cvs        cvs     4096 Aug 18 16:00 test

But starting recently, when someone commits, new directories are being created without the setgid bit (note the "x" instead of "s" in the last line):

$ ls -al test
drwxrwsr-x+  20 cvs    cvs   4096 Aug 18 16:00 .
drwxrwsr-x+ 407 root   cvs  20480 Jun 19 05:34 ..
drwxrwxr-x+   2 jw     cvs   4096 Aug 18 15:51 foo

As a result, files added inside those directories aren't owned by the cvs group, which leads to permission errors later on.

This happens with both the command-line CVS client, and Eclipse's client, using pserver and extssh connection methods.

What could cause it to ignore the setgid bit?

I tried adding a commitinfo script to print some information about the user doing the commit. It shows nothing unusual; the umask is 0022, so that shouldn't affect things.

JW.
  • 119
  • 4
  • 11
  • I just did some tests and found that e.g. creating a folder in `/tmp` which is `tmpfs` and the move this directory to a setgid bit enabled directory, it is not set on the folder that is moved. If I move folders from e.g. `ext4` filesytem the setgid bit is set on the folders that are moved. – Thomas Sep 10 '17 at 14:31
  • @Thomas Hmm, interesting idea. But on my CentOS 6.9 box, when I move a folder from an ext4 filesystem into one that has setgid, it doesn't set that bit on the moved folder. It only sets it when I create the folder inside the one with setgid. Same with moving from tmpfs. Still, this could explain the behavior, if it's creating directories outside of the repo and moving them in. – JW. Sep 10 '17 at 17:20

0 Answers0