[lug] Permissions

Hugh Brown hugh at math.byu.edu
Thu Jan 11 19:18:20 MST 2007


Daniel Webb wrote:
> On Thu, Jan 11, 2007 at 07:56:06AM -0600, Hugh Brown wrote:
> 
>> what about "newgrp svn" and then "touch test"
> 
> Yes, that works if I'm logged in and working at the console, but it doesn't
> solve my problem since what's happening is that I'm committing subversion
> revisions over ssh and getting:
> 
>> svn ci -m c
> Sending        professional/file1.txt
> Sending        professional/file2.txt
> Transmitting file data ..svn: Commit failed (details follow):
> svn: Can't create directory
> '/var/lib/subversion/mydocs/db/transactions/945-1.txn': Permission denied
> 
>> also, does "test" already exist (with restrictive perms)?
> 
> No, the ls output I gave was complete.  It's an empty directory.
>  
>> if the first <...> from groups is more than 255 chars, you have to use 
>> newgrp to get the system to accept your membership to that group
> 
> Here is the full "groups" output:
> 
> webb dialout cdrom floppy audio www-data video model janet stor photo wedding
> mount network music anycvs svn margi laura sbs
> 
> The group "svn" is near the end, but not 255 characters.
> 
> I found this with "linux maximum groups" with Google:
> 
> http://www-1.ibm.com/support/docview.wss?rs=984&uid=swg21207807
> 
> says 16 groups is the maximum for RPC (this is a NIS master, does that mean I'm
> using RPC?) and svn is the 17th group. 
> 
> However,
> 
> http://www.linux-tutorial.info/modules.php?name=Tutorial&pageid=321
> 
> says that 32 groups is the default, but maybe that's a system limit and not
> RPC limit? 
> 
> I found surprisingly few results for that search.  Is it really that uncommon
> to have users that belong to more than 16 groups?  Just the Debian groups I
> use for this user make 7 groups.  Not all those groups are critical, so I'll
> just remove some groups, but I'm surprised at this limitation.
> 


NIS implies rpc.  If you are logging into the nis master, then it 
depends on what your nsswitch.conf says as to whether or not you are 
doing authorization against files or nis.  The last time I ran into this 
problem it was the boss of the company that insisted on being in every 
group in the company and then complaining when it didn't "just work"  It 
was also a NIS environment.  My memory was that it was 255 chars.  This 
obviously doesn't apply to you since webb...anycvs just gets you to 106 
chars.  I can't rmember what options svn understands, but it may be 
possible to get it to run ssh "newgrp svn;$@" or something similar.

If you aren't using dialup, you can drop the dialout group and maybe 
sneak under the limit.

HTH,

Hugh



More information about the LUG mailing list