- Check that the host supports RCS setuid use. Consult a trustworthy expert if there are any doubts. It is best if
the setuid system call works as described in POSIX 1003.1a Draft 5, because RCS can switch back and forth
easily between real and effective users, even if the real user is root. If not, the second best is if the setuid
system call supports saved setuid (the {_POSIX_SAVED_IDS} behavior of POSIX 1003.1-1990); this fails only if the
real or effective user is root. If RCS detects any failure in setuid, it quits immediately.
- Choose a user A to serve as RCS administrator for the set of users. Only A can invoke the rcs command on the
users' RCS files. A should not be root or any other user with special powers. Mutually suspicious sets of users should
use different administrators.
- Choose a pathname B to be a directory of files to be executed by the users.
- Have A set up B to contain copies of ci and co that are setuid to A by copying the commands from their
standard installation directory D as follows:
    mkdir B
    cp D/c[io] B
    chmod go-w,u+s B/c[io]
- Have each user prepend B to his/her path as follows:
    PATH=B:$PATH; export PATH # ordinary shell
    set path=(B $path) # C shell
- Have A create each RCS directory R with write access only to A as follows:
    mkdir R
    chmod go-w R
- If you want to let only certain users read the RCS files, put the users into a group G, and have A further protect the
RCS directory as follows:
    chgrp G R
    chmod g-w,o-rwx R
- Have A copy old RCS files (if any) into R, to ensure that A owns them.
- An RCS file's access list limits who can check in and lock revisions. The default access list is empty, which
grants checkin access to anyone who can read the RCS file. If you want to limit checkin access, have A invoke
rcs -a on the file; see rcs(1). In particular, rcs -e -aA limits access to just A.
- Have A initialize any new RCS files with rcs -i before initial checkin, adding the -a option if you want to limit
checkin access.
- Give setuid privileges only to ci, co, and
rcsclean; do not give them to rcs or to any other command.
- Do not use other setuid commands to invoke RCS commands;
setuid is trickier than you think!
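A check of the finished layout against the steps above, as an added example that is not part of the RCS manual page. A, B and R are the placeholders used in the procedure; the function names has and audit_rcs_setuid belong to this example only.

```shell
#!/bin/sh
# Added example: audit an RCS setuid setup against the checklist above.
# A (administrator, name or numeric uid), B (directory with the setuid
# copies) and R (an RCS directory) are placeholders supplied by the caller.

# has FILE EXPR...: true if FILE itself matches the find(1) expression.
has() {
    f=$1; shift
    [ -n "$(find "$f" -prune "$@" -print 2>/dev/null)" ]
}

audit_rcs_setuid() {
    A=$1 B=$2 R=$3 bad=0
    note() { echo "FAIL: $*"; bad=$((bad + 1)); }

    # ci and co must be in B, owned by A, setuid, and not writable by
    # group or others (the result of chmod go-w,u+s).
    for cmd in ci co; do
        p=$B/$cmd
        [ -f "$p" ] || { note "$p is missing"; continue; }
        has "$p" -user "$A" || note "$p is not owned by $A"
        has "$p" -perm -4000 || note "$p is not setuid"
        has "$p" ! -perm -020 ! -perm -002 || note "$p is group/other writable"
    done

    # Only ci, co and rcsclean may be setuid; rcs and anything else in B
    # must not be.
    for p in "$B"/*; do
        [ -f "$p" ] || continue
        case ${p##*/} in ci|co|rcsclean) continue ;; esac
        if has "$p" -perm -4000; then note "$p must not be setuid"; fi
    done

    # R must be a directory owned by A, with write access only for A.
    has "$R" -type d -user "$A" || note "$R is not a directory owned by $A"
    has "$R" ! -perm -020 ! -perm -002 || note "$R is group/other writable"

    [ "$bad" -eq 0 ]
}
```

Call it as audit_rcs_setuid A B R; each failed check is printed with a FAIL: prefix and the exit status is nonzero if any check failed.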
ENVIRONMENT
RCSINIT
    Options prepended to the argument list, separated by spaces. A backslash escapes spaces within an
    option. The RCSINIT options are prepended to the argument lists of most RCS commands. Useful
    RCSINIT options include -q, -V, -x, and -z.
TMPDIR
    Name of the temporary directory. If not set, the environment variables
    TMP and TEMP are inspected instead and the first value found is taken; if none of them are set, a
    host-dependent default is used, typically /tmp.
DIAGNOSTICS
For each revision, ci prints the RCS file, the working file, and the number of both the deposited and the preceding
revision. The exit status is zero if and only if all operations were successful.
IDENTIFICATION
Author: Walter F. Tichy.
Manual page revision: 5.17; Release date 16 June 1995
Copyright © 1982, 1988, 1989 Walter F. Tichy
Copyright © 1990, 1991, 1992, 1993, 1994, 1995 Paul Eggert