On 29Jan2008 10:25, Martin Marques <martin@xxxxxxxxxxxxxxxxxxx> wrote: > Cameron Simpson escribió: >> Not really. Anyone can use a VCS. Why should they need to be in a particular >> group? That is a policy decision for your particular system. Example: at my >> workplace there are SVN and CVS repositories with _different_ groups to >> constrain access to particular project groups. > > You mean that all the other groups that a normal Fedora Server/Workstation > has are always needed? Most are for running daemons or constraining access to a resource (eg tape). Since the daemon exists, or the resource exists, a group is needed. But Mercurical is just a set of tools - you can and often do run it as a client with no server. > What group should /var/cvs or /var/lib/cvs have? Shrug. The former is owned by root here, but it is NOT where we put our CVS repositories. If there isn't a group, make one called "cvs" or (much better) "my-org-developer-group" - not that literally, but maybe something like "foodev" or "foosrc" if you work for "foo.com". This has the advantage that it is outside the vendor group name space (by sheer probability, nothing more rigourous), unlikely to collide with some other package's "vendor" group name. And for an official thing (official-for-you, not official-for-fedora), I wouldn't put the repository in /var at all. We tend to use "normally backed up places" for that, like /home/cvs or /app/cvs etc. Again, _out_ of the vendor filename space. >> For your system you may well have a single group who uses the VCS, and >> then you need only one group. But you don't really need a group at all >> (for example, I have a few mercurial repositories at home wholly for me >> - no group is involved at all). > > Well, actually I was trying to build a centralized mercurial repository to > share with hgweb, and I stumbled when looking for a group to use. "src" may well be just fine. But I'd make a more personalised one myself. > BTW, a /var/lib/hg directory wouldn't hurt to have after installing > mercurial. If you want to have a centralized copy to share, you know where > to put it (in a standardized mode), else, it's just an empty directory > laying there. Maybe. But I know I would not use it myself. >> So a VCS shouldn't impose a group on the system. Make the group >> yourself, and set your own policy as you see fit. > > Why not have a standard group for this? For the reasons above: you may not want just one. Overprovision of unused groups tends to make things harder for people, not easier, because of the chances of collision with a preexisting group. Imagine you've got a "src" group already from your existing systems, in use across you LAN via NFS with a particular GID. Now you install a new Fedora system, and install Mercurial and suppose it ships with a "src" group. If your install happens before integration with the other systems (we tend to install standalone and then run a "join the LAN" customisation script) then it will likely have a different GID from the other systems. And now you have a problem. This happens to us all the time as we have many machines from different vendors of different ages. We have evolved work practices to deal with it, but the problem is real. I'm not saying your suggestion is ridiculous. I'm saying it's not needed, strictly speaking. They may well be _reasonable_, and I wouldn't say it would be a bad thing. Cheers, -- Cameron Simpson <cs@xxxxxxxxxx> DoD#743 http://www.cskk.ezoshosting.com/cs/ Tachyon: A gluon that's not completely dry.