I have a couple of bash and PHP scripts I created to check out a local copy of a specific project, rsync the checked-out copy to a staging server, and then remove the checked-out files. When I commit something to CVS from Eclipse, it uses the extssh method of connecting to CVS and logs into SSH using the username raam. I discovered that when I create a new file in Eclipse, commit it to CVS, and then run my staging scripts, the staging scripts are unable to check out and rsync the new file. Why? Because the new file belongs to the raam group, instead of the cvs group.
To solve this problem, I needed to change the default group used when the user raam creates a new file. You can see current group info for yourself using the id command:
raam@mercury:~$ id
uid=1000(raam) gid=1000(raam) groups=1001(cvs),20(dialout),24(cdrom),25(floppy),29(audio), 33(www-data),44(video),46(plugdev),1000(raam)
As you can see from gid=1000(raam), the default group is currently set to raam. This information is stored in the /etc/passwd file:
raam@mercury:~$ cat /etc/passwd | grep raam
raam:x:1000:1000:Raam Dev,,,:/home/raam:/bin/bash
The fourth field holds the default gid. When I ran the id command earlier, I noticed the gid for the cvs group is 1001, so after changing the fourth field for my account in the /etc/passwd file (root access required), I can run the id command again and confirm my default group has changed:
raam@mercury:~$ id
uid=1000(raam) gid=1001(cvs) groups=1001(cvs),20(dialout),24(cdrom),25(floppy),29(audio), 33(www-data),44(video),46(plugdev),1000(raam)
This fixed my problem with the staging scripts, because now every new file committed to CVS automatically has the cvs group, and the www-data account which runs those scripts has access to files in the cvs group.
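Changing the fourth passwd field also changes who shares the group on every file the account creates from then on. The script below is an added example, not part of the original post: it reads a passwd file and a group file and lists the accounts that hold a user's default group, before and after the edit. The file contents and the function names are constructed for illustration, including the assumption that www-data is listed as a member of cvs.

```shell
#!/bin/sh
# Added example: who shares the group on files a user creates by default?
# All file contents below are constructed sample data, not real system files.

# primary_group PASSWD GROUP USER: name of USER's default group (passwd field 4)
primary_group() {
    gid=$(awk -F: -v u="$3" '$1 == u { print $4 }' "$1")
    awk -F: -v g="$gid" '$3 == g { print $1 }' "$2"
}

# group_members PASSWD GROUP NAME: every account that holds group NAME
group_members() {
    gid=$(awk -F: -v n="$3" '$1 == n { print $3 }' "$2")
    {
        # supplementary members listed in field 4 of the group file
        awk -F: -v n="$3" '$1 == n { gsub(",", "\n", $4); print $4 }' "$2"
        # accounts whose default gid in the passwd file is this group
        awk -F: -v g="$gid" '$4 == g { print $1 }' "$1"
    } | grep -v '^$' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# default_readers PASSWD GROUP USER: accounts in USER's default group
default_readers() {
    group_members "$1" "$2" "$(primary_group "$1" "$2" "$3")"
}

# Constructed sample files in a temporary directory, removed on exit
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
printf '%s\n' 'raam:x:1000:' 'cvs:x:1001:raam,www-data' 'www-data:x:33:raam' > "$d/group"
printf '%s\n' 'raam:x:1000:1000:Raam Dev,,,:/home/raam:/bin/bash' \
    'www-data:x:33:33:www-data:/var/www:/bin/sh' > "$d/passwd.before"
# Same passwd file with the fourth field of the raam entry set to 1001 (cvs)
sed 's/^raam:x:1000:1000:/raam:x:1000:1001:/' "$d/passwd.before" > "$d/passwd.after"

echo "before: $(default_readers "$d/passwd.before" "$d/group" raam)"
echo "after:  $(default_readers "$d/passwd.after" "$d/group" raam)"
```

Pointing the same functions at the real /etc/passwd and /etc/group before editing the fourth field shows which accounts will share the group on new files; whether they can read those files still depends on the file mode.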
In retrospect, this was probably the wrong (or long) solution to my problem. I should have just added the www-data account to the raam group, so my PHP scripts had access to files I committed to CVS.
Either way, I learned something new! Thanks to tldp.org for this page on File Security, which explains everything I learned.