I tryed that chroot setup and encountered the same problems. I am not sure what the chroot jail would/could buy you but grief, if you do not want to run cvs as root. Here's what I setup for a non-root pserver. One account, cvspserv, in one group, cvsadm. That account has no password and no login shell. I don't know if this setup helps with anything, but a password and login are not needed for the server account. No users should belong to the cvsadm group. This is the group that owns the CVS repository. (Also have a CM cvsadm account in the cvsadm group, all CM dirs, builds, files, etc. outside the repository are chmod go-w and owned by the cvsadm account) /etc/services are setup the as normal, but the /etc/inetd.conf file has this line instead of the normal one (of course you could use the normal line from the manual replacing the root account with cvspserv): cvspserver stream tcp nowait cvspserv /home/cvsadm/bin/run-cvs run-cvs run-cvs is a c program that calls cvs pserver after reading in a config file for --allowroot options. This allows me to create/move/delete respositories dynamically without having to change inetd.conf. the cvs repositories are located at some place like /cvs/roots/. there is one password file owned by cvsadm account and all the CVSROOT/passwd files are symlinked to it. Access to each project repository is managed by the CVSROOT/writers file. Since only 2 accounts are in the cvsadm group, all access to the repositories must be through pserver, even users on the local machine. (except of course, the cvsadm account) If you are looking for NORAD level security, search the posts for the last fews months. It's a well discussed topic. hope something here helps. Mark --- Rob Eso <[EMAIL PROTECTED]> wrote: > Hey everyone > > I have been trying to setup a chroot cvs server for a while now, > but keep > running into the same problem. I have created a user cvs to run > the > server under, and have chroot'd the server to /home/cvs/jail/ > > i have followed the instructions in a few howtos on setting up a > Chroot > CVS Server, but always run into this problem: > > I am able to login and authenticate with the pserver alright, but > when > I try to import a new project into the respository I get : > > [rae@skywalker myproj]$ cvs -d $CVSROOT import myproj v1 r1 > Fatal error, aborting. > cvs: no such user > cvs import: authorization failed: server vader rejected access to > /cvsroot > for user rob > > The respository is setup in /home/cvs/jail/cvsroot > > the CVSROOT/passwd file contains: > > rob::cvs > billy::cvs > susy::cvs > > the CVSROOT/readers file contains: > > susy > > the CVSROOT/writers file contains: > rob > billy > > (Just using sample names ) > > But each time I get the no such user error. > > I have gone seaching though the cvs-info mailing list archive, > and found > no other mention of this problem. I am curious though, is a > chroot jail > necessary? In one thread about the chroot patch for 1.10, > someone posted > that it was easy for a malicious user to execute a script and > escape from > the chroot jail, which makes me wonder what is the point then of > a chroot > jail? > > Oh yes, i am running Red Hat 7.1 with > CVS 1.11 ( cvs-1.10.8-8.i386.rpm ) > > Thanks > > ------------------------- > < Rob > > < [EMAIL PROTECTED] > > ------------------------- > \ ^__^ > \ (**)\_______ > (__)\ )\/\ > U ||----w | > || || > > > > _______________________________________________ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs __________________________________________________ Do You Yahoo!? Spot the hottest trends in music, movies, and more. http://buzz.yahoo.com/ _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs