DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Source code control system (SCCS)

Protection

SCCS relies on the capabilities of the UNIX system for most of the protection mechanisms required to prevent unauthorized changes to SCCS files, that is, changes by non-SCCS commands. The only protection features directly provided by SCCS are:

Files created by the admin command are given access permission mode 444 (read only). This mode should remain unchanged because it prevents modification of SCCS files by non-SCCS commands. Directories containing SCCS files should be given mode 755, which allows only the owner of the directory to modify it.

SCCS files should be kept in directories containing only SCCS files and any temporary files created by SCCS. This simplifies their protection and auditing. Directories should contain logical groupings of SCCS files: for example, subsystems of the same large project.

SCCS files must have only one link (name) because commands that modify an SCCS file do so by creating a copy of the file (see ``SCCS command conventions''). When processing is completed, the x-file is automatically renamed with an s. prefix. If the old file had more than one link, the renaming would break them. Rather than process these files, SCCS commands produce an error message.

When only one person uses SCCS, the real and effective user IDs are the same; the user ID owns the directories containing SCCS files. Therefore, SCCS can be used directly without any preliminary preparation.

When several users with unique user IDs are assigned SCCS responsibilities, one user ID should be selected as the owner of the SCCS files. This person is responsible for all administration (admin) of the SCCS files. This limits the privileges and permissions allowed to other users. To work around this limitation, it is recommended that a project-dependent user interface be set up allowing other (non-SCCS administrator) users access to the get, delta, and rmdel SCCS commands.

The interface program must be owned by the SCCS administrator and must have the set-user-ID-on-execution bit on. (See chmod(C)). This assures that the effective user ID is that of the SCCS administrator. The owner of an SCCS file can modify it at will. Other users whose login names or group IDs are in the user list for that file (but are not the owner) are given the necessary permissions only for the duration of the execution of the interface program. Thus, they may modify SCCS only with delta and, possibly, rmdel and cdc.


Next topic: Formatting
Previous topic: SCCS files

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003