[Zope] permissions issues with a CVS interface

Dennis Allison allison@sumeru.stanford.EDU
Wed, 9 Apr 2003 12:42:27 -0700 (PDT)


I have built a special purpose interface into CVS (none of the existing
Zope products had the right capabilities) and have gotten it all working
but for the commit.  The commit dies on a permissions problem.

The solution, according to the cvs documentation, is to have all users,
including zope, be members of a 'cvs' group and set the umask and
permissions appropriately.

I have done just that but have run into a problem.  Zope runs as
nobody.nobody but when doing cvs tasks it needs to run as nobody.cvs at
least for those functions that modify the repository. That means that I
need to change group for those cvs commands that modify the repository
which is in the local file system and not exposed to Zope directly.  I
also have to take care to ensure that the group change is local and does
not affect the rest of the running Zope system.

It's not clear how to make things work.  The Python commands that manage
groups follow the Unix convention and are limited to processes with
root privileges.

I see a couple of possibilities--perhaps the simplest is to make the
'nobody' group the CVS group.  CVS explicitly disallows commits by 
root, but does not appear to disallow commits by 'nobody'.  Alternatively,
I could always spawn a suid process that performs the CVS task--but that
seems overkill and a potential security hole.

There must be a better way.  Comments?  Help?
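
An added example, not part of the original message: a Python check for the shared-group setup described above. It reports whether the running process actually holds the repository group and whether the repository directories carry the group ownership, group-write and setgid bits that arrangement relies on. The function names are hypothetical, the sample tree is constructed, and the process's own effective gid stands in for the 'cvs' group.

```python
import os
import stat
import tempfile

def process_gids():
    """Group IDs the running process holds (effective + supplementary).
    These are fixed when the daemon starts, so an /etc/group change
    is not seen until the process is restarted."""
    return {os.getegid(), *os.getgroups()}

def audit_repo(root, gid):
    """Return (path, problem) pairs for directories under `root` that would
    stop a member of group `gid` from committing. CVS creates lock files
    and renames new ,v files into place, so directory bits are what matter."""
    problems = []
    for dirpath, _dirs, _files in os.walk(root):
        st = os.lstat(dirpath)
        if st.st_gid != gid:
            problems.append((dirpath, "not owned by the shared group"))
        if not st.st_mode & stat.S_IWGRP:
            problems.append((dirpath, "not group-writable"))
        if not st.st_mode & stat.S_ISGID:
            # Without setgid, new entries may take the creator's primary group.
            problems.append((dirpath, "setgid bit missing"))
    return problems

def can_commit(root, gid):
    """True only if this process is in the group and the tree is clean."""
    return gid in process_gids() and not audit_repo(root, gid)

def make_sample_repo(gid):
    """Constructed sample tree: one good module directory, one bad one."""
    root = tempfile.mkdtemp(prefix="cvsroot-")
    good = os.path.join(root, "good")
    bad = os.path.join(root, "bad")
    for d in (good, bad):
        os.mkdir(d)
    for d in (root, good):
        os.chown(d, -1, gid)
        os.chmod(d, 0o2775)   # rwxrwsr-x
    os.chown(bad, -1, gid)
    os.chmod(bad, 0o755)      # no group write, no setgid
    return root

if __name__ == "__main__":
    gid = os.getegid()  # stand-in for the 'cvs' group's gid
    for path, problem in audit_repo(make_sample_repo(gid), gid):
        print(path, "->", problem)
```

Against a real repository, pass the gid from `grp.getgrnam('cvs').gr_gid` and run the check inside the server process itself, since that process's group list is the one that decides whether the commit succeeds.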