2.2.2 File permissions
All `,v' files are created read-only, and you
should not change the permission of those files. The
directories inside the repository should be writable by
the persons that have permission to modify the files in
each directory. This normally means that you must
create a UNIX group (see group(5)) consisting of the
persons that are to edit the files in a project, and
set up the repository so that it is that group that
owns the directory.
(On some systems, you also need to set the set-group-ID-on-execution bit
on the repository directories (see chmod(1)) so that newly-created files
and directories get the group-ID of the parent directory rather than
that of the current process.)
This means that you can only control access to files on
a per-directory basis.
Note that users must also have write access to check
out files, because CVS needs to create lock files
(see section Several developers simultaneously attempting to run CVS). You can use LockDir in CVSROOT/config
to put the lock files somewhere other than in the repository
if you want to allow read-only access to some directories
(see section The CVSROOT/config configuration file).
Also note that users must have write access to the
`CVSROOT/val-tags' file. CVS uses it to keep
track of what tags are valid tag names (it is sometimes
updated when tags are used, as well as when they are
Each RCS file will be owned by the user who last
checked it in. This has little significance; what
really matters is who owns the directories.
CVS tries to set up reasonable file permissions
for new directories that are added inside the tree, but
you must fix the permissions manually when a new
directory should have different permissions than its
parent directory. If you set the
environment variable that will control the file
permissions which CVS uses in creating directories
and/or files in the repository.
not affect the file permissions in the working
directory; such files have the permissions which are
typical for newly created files, except that sometimes
CVS creates them read-only (see the sections on
watches, Telling CVS to watch certain files; -r, Global options; or
CVSREAD, All environment variables which affect CVS).
Note that using the client/server CVS
(see section Remote repositories), there is no good way to
CVSUMASK; the setting on the client machine
has no effect. If you are connecting with
CVSUMASK in `.bashrc' or `.cshrc', as
described in the documentation for your operating
system. This behavior might change in future versions
of CVS; do not rely on the setting of
CVSUMASK on the client having no effect.
Using pserver, you will generally need stricter
permissions on the CVSROOT directory and
directories above it in the tree; see Security considerations with password authentication.
Some operating systems have features which allow a
particular program to run with the ability to perform
operations which the caller of the program could not.
For example, the set user ID (setuid) or set group ID
(setgid) features of unix or the installed image
feature of VMS. CVS was not written to use such
features and therefore attempting to install CVS in
this fashion will provide protection against only
accidental lapses; anyone who is trying to circumvent
the measure will be able to do so, and depending on how
you have set it up may gain access to more than just
CVS. You may wish to instead consider pserver. It
shares some of the same attributes, in terms of
possibly providing a false sense of security or opening
security holes wider than the ones you are trying to
fix, so read the documentation on pserver security
carefully if you are considering this option
(Security considerations with password authentication).