bzr & unix permissions on the .bzr contexts.
John Arbash Meinel
john at arbash-meinel.com
Mon Aug 2 21:19:32 BST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Andronov wrote:
> John --
> Thank you for the speedy reply.
>
> 1.
>> We do stat the .bzr directory and try to preserve that permission on
>> files that we create.
> Does it mean, that in my scenario:
> User1 <---> Server <--->User2.
>
> If User1 takes an extra action, and explicitly specified 'rwxrwx---'
> permission to .bzr directory BEFORE he makes the push to the server,
> then on the server the permissions will be OK, to let the second user
> to push later?
If you have already created a repository, then setting the mode on just
.bzr won't affect everything that already exists (though newly created
things should get the right permissions).
I think we try to inherit from a containing dir if we can find it. So I
think that doing this works:
mkdir repo
cd repo
chmod g+sw .
chown .group .
bzr init-repo --no-trees .
And avoids having to do any sort of recursive setting.
Though I'll mention that if you access directories via sftp, etc, you
can have problems again. (IIRC sftp automatically strips the setgid bit
when we request it, which is a bit ... difficult.)
>
> 2.
>> Directories need to be group rwx so that we can write into them, but
>> files can be r-x because we don't write to existing files.
>
> So, in other words, if on server, I force the permission to be
> 'rwxrwx___' both on directories AND on files, there is no harm, right?
>
> ( The reason I'm re-asking -- 'chmod -R g+w .bzr' looks for me a bit
> shorter /faster then:
> "...
>> find .bzr -type d -print0 | xargs -0 chmod 2770
>> chown -R .group .bzr
> ...
> "
In general I wouldn't make files executable, so rw- for files and rwx
for directories. g+w is fine, but you'll probably also want the group
bit set on the directories (g+sw), because that helps to have newly
created files still owned by the group. It probably isn't required, but
I would still recommend it.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxXKFQACgkQJdeBCYSNAAMyUwCfeiTe46N0cIobOnkmueG1qWsn
VAgAn0bJ51Q5KNqZf+33QRf3/6i1IMN6
=XEV1
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list