How do you set group permission on repo creation?

Asked by jrenbaum

We are setting up a central server and trying to use groups and user privileges to control access. I initially created folders for a "client" group and individual users as:

root@bazaar-test:/var/new_bzr_repos# ls -al
total 24
drwxr-xr-x 6 root root 4096 2009-08-26 15:27 .
drwxr-xr-x 18 root root 4096 2009-08-27 09:46 ..
drwxrws--- 3 root client 4096 2009-08-27 09:24 client
drwxr-x--- 2 fred root 4096 2009-08-26 15:27 fred
drwxr-x--- 2 john root 4096 2009-08-26 15:27 john
drwxr-x--- 2 mike root 4096 2009-08-26 15:27 mike

fred and john are both members of the "client" group, but mike is not.

John created the mrua repository with branch trunk under the client folder:

root@bazaar-test:/var/new_bzr_repos/client# ls -al
total 12
drwxrws--- 3 root client 4096 2009-08-27 09:24 .
drwxr-xr-x 6 root root 4096 2009-08-26 15:27 ..
drwxr-sr-x 3 john client 4096 2009-08-27 09:24 mrua

and:

root@bazaar-test:/var/new_bzr_repos/client/mrua# ls -al
total 12
drwxr-sr-x 3 john client 4096 2009-08-27 09:24 .
drwxrws--- 3 root client 4096 2009-08-27 09:24 ..
drwxr-sr-x 3 john client 4096 2009-08-27 09:24 trunk

Fred can branch off of this and modify files locally, but when attempting to push files back to the server the push fails with:

bzr: ERROR: Cannot lock LockDir(chroot-160248876:///var/new_bzr_repos/client/mrua/trunk/.bzr/branch/lock): Permission denied: "/var/new_bzr_repos/client/mrua/trunk/.bzr/branch/lock/nriu8djqrw.tmp": [Errno 13] Permission denied: '/var/new_bzr_repos/client/mrua/trunk/.bzr/branch/lock/nriu8djqrw.tmp'

I believe that the set gid I ran on the directory is successfully setting the group ID to "client" when repos are added, but the group permission is still r-x rather than rwx even though it is set as rws at the top level.

How do I configured my shared repository such that the group permissions allow members of the same group to be able to push to the repos created by someone else?

Obviously, I am doing something wrong as bazaar certainly supports this approach, but I am pretty new to bazaar and would appreciate the help.

Thanks,

Jay

Question information

Language:
English Edit question
Status:
Solved
For:
Uninstaller for the Bazaar Macintosh Bundle Edit question
Assignee:
No assignee Edit question
Solved by:
jrenbaum
Solved:
Last query:
Last reply:
Revision history for this message
jrenbaum (jrenbaum) said :
#1

Found the solution. Using ACLs we are able set-up the client directory so that all folders created underneath it are writeable by members of the "client" group.