Today I wanted to figure out how to set up read-only anonymous access to CVS. When I think "anonymous CVS", I think "pserver", so looked that up in the Cederqvist and Karl Fogel's cvsbook. Seems easy enough, but then I looked at that inetd.conf line again and saw the word "root". Neither one draws any attention to this at all, but "run as root" is definitely *not* one of my requirements for "read-only anonymous".
A search on cvshome brought up this patch to the documentation* from Karl Fogel, which was evidently never applied. And there's no indication of how relevant that information -- now over five years old -- is today. * http://www.cvshome.org/dev/patches/nonroot Please confirm this is a most sane way to do read-only pserver: I. For read-only access of any kind: 1. Create a directory /var/lock/cvs, *writable* to all CVS readers, plus sticky bit (aka "restricted deletion flag", so users cannot delete each others' locks). 2. Add LockDir=/var/lock/cvs to CVSROOT/config. 3. Ensure modules are readable-not-writable to any read-only users of CVS. II. The read-only pserver: 0. Assumption: You're not using pserver for anything else. 1. Create an account 'anoncvs' with shell /bin/false. 2. Make anoncvs's group membership consistent with requirements in I. 3. Add 'anoncvs:' to CVSROOT/passwd. (Add a password here if you wish.) 4. Add anoncvs to CVSROOT/readers to tell CVS this is a read-only user. (This should be redundant, as if your unix permissions are set correctly, the server running as anoncvs should be simply unable to write anything.) 5. In CVSROOT/config, set SystemAuth=no. This instructs pserver to not attempt to do anything as people who are not in CVSROOT/passwd. (This should be redundant, as without root pserver will not be able to switch to other users, but can't hurt.) 6. Configure inetd as instructed in cvsbook or the Cederqvist, with one important exception: where it says "root", instead use "anoncvs". e.g.: cvspserver stream tcp nowait anoncvs /usr/local/bin/cvs cvs -f --allow-root=/usr/cvsroot pserver A Question: Is installing pserver with an unprivileged user any more secure than allowing people to ssh in as this underprivledged user with its shell set to an "exec /usr/bin/cvs server" script? Why or why not? A final plea: Please include a warning in the "Anonymous Access" chapter of cvsbook and "Read-only repository access" chapter in Cederqvist. They both seem to suggest that pserver is the correct way to do this, and both run pserver as root. Recommending running an anonymous service (which is *supposed* to be read-only) as root is likely a larger security bug than any single unchecked buffer overflow, and Karl Fogel's patch to address this matter seems to have been left to rot for five years. Sincerely, - Kevin Turner -- The moon is last quarter, 60.7% illuminated, 21.1 days old. _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
