Crate Ownership

A given crate is owned by one or more users. The user who first publishes a crate version for a given crate (identifiable by its name) becomes its owner.

Only owners of a crate can publish new versions to that crate.

For the purposes of cargo owner -add and cargo owner --remove subcommands, a user should be identified by the email address associated with their account.

The email address must correspond to an existing user account which is part of the organization account which owns the crate.

See also: cargo owner docs.

Listing Crate Owners

To list current owners of a crate, navigate to the crate directory and run:

$ cargo owner --registry <registry-name> --list (user-id = d4dddf5f-cb77-41dc-9635-1dfc072f40ae)

Note: passing the --registry flag is not required if you set a single registry in the publish field in the crate's Cargo.toml.

The subcommand also provides a --token option, for use if you have not configured your auth token via cargo login. If you get the error message

error: no upload token found, please run `cargo login` or pass `--token`

this indicates you need to pass an auth token using --token or configure the token using cargo login.

The output displayed by a successful cargo owner --list command lists each user who is an owner of the crate. The user's email is listed first, and his or her user id is listed in parenthesis.

Add/Remove Crate Owners

The cargo owner --add subcommand can be used to add owners to a crate, and the cargo owner --remove subcommand can be used to remove users from a crate.

To add a user as an owner of the crate:

$ cargo owner --registry <registry-name> \

Owner added user(s) 4c26f6c5-6aa0-4d36-8aa7-6c846c7acbeb as owner(s) of <crate-name>

Listing crate owners will now display the second user as an owner of the crate:

$ cargo owner --registry <registry-name> --list (user-id = d4dddf5f-cb77-41dc-9635-1dfc072f40ae) (user-id = 4c26f6c5-6aa0-4d36-8aa7-6c846c7acbeb)

To remove a user as an owner of the crate:

$ cargo owner --registry <registry-name> \

Owner removing [""] from crate <crate-name>

Listing crate owners will now display the removed user is no longer an owner:

$ cargo owner --registry <registry-name> --list (user-id = d4dddf5f-cb77-41dc-9635-1dfc072f40ae)

Crate Owners and Account Permissions

An account with Admin permissions may add "itself" as an owner of a crate, using its own auth token, despite not being an owner of the crate.

$ cargo owner --registry <registry-name> \
  --add \

# works

Neither Publish nor Read accounts have this ability.

If you try adding a user to a crate you do not own using an auth token from a Publish or Read account, you will receive the following error:

$ cargo owner --registry <registry-name> \
  --add \

error: failed to invite owners to crate `<crate-name>` on registry

Caused by:
the remote server responded with an error: user does not own the
crate <crate-name>

Alternate Ownership Models

When building the functionality around cargo owner, it seemed likely to us that the current ownership model would not be ideal for a smaller organization.

In the case of a small, high-velocity team, it seems like it would be useful to allow any user with Admin or Publish permissions to publish to any crate in the registry, avoiding the need to manage user-based ownership of each crate.

If you are interested in something like that (or find the existing ownership structure is not suited to your organization's workflow), please reach out to us via email or Zulip, we'd love to hear about it!