This post presents a recipe for this issue based solely on basic file system permissions. In the end both users should be able to work on the project folder without blocking access to each other.
Assuming that there are already two users created in the system, say
user1
and user2
, the first thing to do is to create a new user group, here called test
:
groupadd test
Then the users must be added to the new group:
useradd -G test user1
useradd -G test user2
In this example the shared project folder will be stored in /srv
, where data served by applications should reside:
cd /srv
Checkout the project from the SVN repository:
svn checkout http://myserver/svn/myproject
Change the owning group and owning user of the project folder (randomly to user1
):
sudo chown -R user1 myproject/
sudo chgrp -R test myproject/
At this stage user2
isn't yet able to write into the project folder, specific permissions must be granted to the group:
sudo chmod -R g+w myproject/
Now both users can use the project folder but there is still an issue, when one of them creates a new file, or checks out a file from the repository, the owning group will change to the user's default group. To avoid this the SGID bit of the project folder must be set for the group:
sudo chmod -R g+s myproject/
This set up is now sufficient for both users to work in the project folder, but a slight nuisance persists: whenever a new file is created (or is checked out from SVN) its group permissions will be automatically set to read only. Since it continues to belong to the test
group, any other user can change these permissions and resume work, but it is an extra task. To avoid this the user creating the file can change his default file creation settings with umask
:
umask 002
Better still is to set umask
in the user's ~/.profile
file.
Both users can now work on the project folder, issuing commits and upgrades without breaking things down.
No comments:
Post a Comment