> Hi, > > We want to use the jCVS as CVS-Client so we need the CVS as a pserver and > for the problem of dealing with multiple "--allow-root=foo" lines and making the > server more secure we found a > c-program at > > http://www.unixtools.org/cvs/run-cvs.c > > This program will be called in the inetd.conf file: > > 2401 stream tcp nowait root /path-to/run-cvs run-cvs > > It changes the root directory to a subdirectory of the cvsadmin-user, sets the > userid and groupid and calls the cvs-server. > > We use CVS (jCVS) on HP. > The problem is, that this program (we changed it > a little bit, as you can see further down) works well on linux, but on HP we > get on error: > > jCVS test gives as the following protocoll: > > jCVS II Version 5.1.1 > Licensed under the GNU General Public License. > License is available at <http://www.gjt.org/doc/gpl/> > Property 'os.name' = 'HP-UX' > Property 'user.name' = 'eh' > Property 'user.home' = '/fdsk4/users/eh' > Property 'user.dir' = '/fdsk4/users/eh' > CVS Timestamp timezone set to 'GMT' > ======================== CVSClient.processCVSRequest > ======================== > Command: noop > Repository: > RootRepository: /Projects/FirstRepo > CVSServer: [EMAIL PROTECTED] > RootDirectory: /Projects/FirstRepo > LocalDirectory: > Connect Method: INETD > Rsh Command: null > Server Command: (not applicable) > isPServer? 'true ' user 'eh' pass 'Ad'E?o4' > There are no user set variables. > NumEntries: 0 NumArguments: 0 > GlobalOptions: 0 GzipStreamLevel: 6 > redirectOutput 'false' execInCurDir 'true ' > sendEntries 'false' sendEntryfiles 'false' > sendModifieds 'false' sendEmptyMods 'false' > sendArguments 'false' ignoreResult 'false' > sendModule 'false' allowOverWrites 'false' > displayReponse 'false' handleUpdated 'false' > handleMerged 'false' handleCopyFile 'false' > handleEntries 'false' handleFlags 'false' > queueResponse 'true ' responseHandler 'null ' > includeNotifies 'false' notifiesSize 'null' > *************************************************** > ************************* > CVSRequest: opening server... > CVSClient.openServer: creating connection... > CVSClient.openServer: creating i/o streams... > CVSClient.openServer: server is open. > CVSRequest: server is open. > AUTHENTICATE: verifyOnly? 'false' userName 'eh' password 'Ad'E?o4' > CVSClient.SENDLine: 'BEGIN AUTH REQUEST' > CVSClient.SENDLine: '/Projects/FirstRepo' > CVSClient.SENDLine: 'eh' > CVSClient.SENDLine: 'Ad'E?o4' > CVSClient.SENDLine: 'END AUTH REQUEST' > CVSClient.READLine: 'I LOVE YOU' > AUTHENTICATE: REPLY: 'I LOVE YOU' > CVSClient.SENDLine: 'valid-requests' > CVSClient.READLine: 'Valid-requests Root Valid-responses > valid-requests Reposito > ry Directory Max-dotdot Static-directory Sticky Checkin-prog > Update-prog Entry K > opt Checkin-time Modified Is-modified UseUnchanged Unchanged Notify > Questionable > Case Argument Argumentx Global_option Gzip-stream > wrapper-sendme-rcsOptions Set > expand-modules ci co update diff log add remove update-patches > gzip-file-conten > ts status rdiff tag rtag import admin export history release watch-on > watch-off > watch-add watch-remove watchers editors init annotate noop' > CVSClient.READLine: 'ok' > PARSE: ok > Valid Requests: useUnchanged 'true' useDirectory 'true' > CVSRequest: send root directory... > CVSClient.SENDLine: 'Root /Projects/FirstRepo' > Utilitizing Gzip-stream mode at level 6. > CVSClient.SENDLine: 'Gzip-stream 6' > CVSClient.SENDLine: 'Valid-responses E M ok error Valid-requests > Created Merged > Updated Update-existing Removed Remove-entry New-entry Checked-in > Checksum Copy- > file Notified Clear-sticky Set-sticky Clear-static-directory > Set-static-directory ' > CVSClient.SENDLine: 'UseUnchanged' > CVSRequest: send entries... > CVSRequest: send root repository... > CVSClient.SENDLine: 'Directory .' > CVSClient.SENDLine: '/Projects/FirstRepo' > CVSRequest: send command 'noop' > CVSClient.SENDLine: 'noop' > CVSRequest: reading response... > CVSClient.READLine: 'error No such file or directory' > PARSE: error 'error No such file or directory' > **========================================================================** > > And here is our program run-cvs: > > #include <stdlib.h> > #include <unistd.h> > > #define BASE "/fdsk3/users/cvsadmin/CVS" > #define OWNER_UID 800 > #define OWNER_GID 80 > > int main(int argc, char *argv[]) > { > int res; > > res = chdir(BASE); > if ( res == -1 ) { > printf("Error changing to cvs server root."); > exit(1); > } > > res = chroot(BASE); > if ( res== -1 ) { > printf("Error changing to root directory."); > exit(2); > } > > res = setresgid(OWNER_GID, OWNER_GID, OWNER_GID); > if ( res== -1 ) { > printf("Error changing group id."); > exit(3); > } > > res = setresuid(OWNER_UID, OWNER_UID, OWNER_UID); > if ( res== -1 ) { > printf("Error changing user id."); > exit(42); > } > > res = execl("/bin/cvs","cvs", > "--allow-root=/Projects/FirstRepo", > "--allow-root=/Projects/RoGIS", > "--allow-root=/Projects/WWW", > "pserver", > NULL); > if ( res == -1 ) { > printf("Error starting cvs service!",res); > exit(-1); > } > > } > > Does anybody has an idea how to solve this problem?? > > Thanks, > Elvira ---------------> [EMAIL PROTECTED] <------------------
