0068-0068.html

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<HTML>
<HEAD>
<TITLE>Linux Complete Command Reference:User Commands:EarthWeb Inc.-</TITLE>
</HEAD>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


<!-- ISBN=0672311046 //-->
<!-- TITLE=Linux Complete Command Reference//-->
<!-- AUTHOR=Red Hat//-->
<!-- PUBLISHER=Macmillan Computer Publishing//-->
<!-- IMPRINT=Sams//-->
<!-- CHAPTER=01 //-->
<!-- PAGES=0001-0736 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->

<P><CENTER>
<a href="0066-0067.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0069-0071.html">Next</A></CENTER></P>



<A NAME="PAGENUM-68"><P>Page 68</P></A>


<UL>
<LI>     Check that the host supports RCS setuid use. Consult a trustworthy expert if there are any doubts. It is best if
the setuid system calls works as described in POSIX 1003.1a Draft 5, because RCS can switch back and forth
easily between real and effective users, even if the real user is
root. If not, the second best is if the setuid system call
supports saved setuid (the {_POSIX_SAVED_IDS} behavior of POSIX 1003.1-1990); this fails only if the real or effective user is
root. If RCS detects any failure in setuid, it quits immediately.
<LI>     Choose a user A to serve as RCS administrator for the set of users. Only A can invoke the rcs command on the
users' RCS files. A should not be root or any other user with special powers. Mutually suspicious sets of users should
use different administrators.
<LI>     Choose a pathname B to be a directory of files to be executed by the users.
<LI>     Have A set up B to contain copies of ci and
co that are setuid to A by copying the commands from their
standard installation directory D as follows:
</UL>


<!-- CODE SNIP //-->
<PRE>
mkdir B cp D/c[io] B chmod go_w,u+s B/c[io]
</PRE>
<!-- END CODE SNIP //-->


<UL>
<LI>     Have each user prepend B to his/her path as follows:
</UL>


<!-- CODE SNIP //-->
<PRE>
PATH=B:$PATH; export PATH # ordinary shell
set path=(B $path) # C shell
</PRE>
<!-- END CODE SNIP //-->


<UL>
<LI>     Have A create each RCS directory R with write access only to A as follows:
</UL>


<!-- CODE SNIP //-->
<PRE>
mkdir R chmod go_w R
</PRE>
<!-- END CODE SNIP //-->

<UL>
<LI>     If you want to let only certain users read the RCS files, put the users into a group G, and have A further protect the
RCS directory as follows:
</UL>


<!-- CODE SNIP //-->
<PRE>
chgrp G Rchmod g_w,o_rwx R
</PRE>
<!-- END CODE SNIP //-->


<UL>
<LI>     Have A copy old RCS files (if any) into R, to ensure that A owns them.
<LI>     An RCS file's access list limits who can check in and lock revisions. The default access list is empty, which
grants checkin access to anyone who can read the RCS file. If you want limit checkin access, have A invoke
rcs _a on the file; see rcs(1). In particular, rcs _e
_aA limits access to just A.
<LI>     Have A initialize any new RCS files with
rcs -i before initial checkin, adding the _a option if you want to limit
checkin access.
<LI>     Give setuid privileges only to ci, co, and
rcsclean; do not give them to rcs or to any other command.
<LI>     Do not use other setuid commands to invoke RCS commands;
setuid is trickier than you think!
</UL>



<P><B>
ENVIRONMENT
</B></P>

<TABLE>

<TR><TD>
RCSINIT
</TD><TD>
Options prepended to the argument list, separated by spaces. A backslash escapes spaces within an
option. The RCSINIT options are prepended to the argument lists of most RCS commands. Useful
RCSINIT options include _q, _V, _x, and _z.
</TD></TR><TR><TD>
TMPDIR
</TD><TD>
Name of the temporary directory. If not set, the environment variables
TMP and TEMPs0 are inspected instead and the first value found is taken; if none of them are set, a host-dependent default is
used, typically /tmp.
</TD></TR></TABLE>


<P><B>
DIAGNISTICS
</B></P>

<P>For each revision, ci prints the RCS file, the working file, and the number of both the deposited and the preceding
revision. The exit status is zero if and only if all operations were successful.
</P>


<P><B>
IDENTIFICATION
</B></P>


<P>Author: Walter F. Tichy.</P>
<P>Manual page revision: 5.17; Release date 16 June 1995</P>
<P>Copyright &quot; 1982, 1988, 1989 Walter F. Tichy</P>
<P>Copyright &quot; 1990, 1991, 1992, 1993, 1994, 1995 Paul Eggert </P>





<P><CENTER>
<a href="0066-0067.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0069-0071.html">Next</A></CENTER></P>



</td>
</tr>
</table>
<!-- begin footer information -->




</body></html>