pserver user id's

2005-07-07 Thread foomonkey
Hello. I have a repository configured and working with pserver. I want
to restrict users' permissions on subdirectories in the repository. I
don't want user A to see user B's projects and vice versa.

In my $CVSROOT/CVSROOT/passwd file, I have something like:

divap:YBGW948yOKKSA:cvsadm

divap is a user on the system. The user id under which CVS runs is
'cvsadm'. In $CVSROOT, I have a subdirectory that looks like this:

drwxrws--x   3 divapdhdev   512 Jul 06 17:16 divap/

This all works fine except that the pserver user divap can read ALL
the projects in all the other subdirectories because on the server, he
is actually running as cvsadm (see the passwd file entry above).

If I change the passwd file to look like this:

divap:YBGW948yOKKSA:divap

I get an error when I try to run a 'checkout' on a project in the divap
directory that says:

cvs [checkout aborted]: unrecognized auth response from cae1axp1:
setgroups: Not owner

I don't want everyone to run as the administrator account (cvsadm) and
the docs seem to indicate that they can run as themselves (their shell
accounts) but I get the above error.

Any help would be GREATLY appreciated.

Andrew

___
Info-cvs mailing list
Info-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/info-cvs


Re: pserver user id's

2005-07-07 Thread foomonkey
I believe my problem lies in that my inetd.conf specifies to run
cvspserver under the cvsadm user account. When I have my
$CVSROOT/CVSROOT/passwd file configured like,
username:password:cvsadm, everything works great, with the
exception that user A can see user B's projects and vice versa. This is
because cvsadm owns the repository directory structure. The mode for it
is 771.

When I change the passwd file to username:password:username, this
does not work. I get the previously mentioned error. My belief is that
pserver is running as cvsadm but wants to run in the context of the
user specified in passwd. I don't know that this is possible unless
pserver is running as root. In a sandbox environment, I have changed
pserver to run as root (in inetd.conf) and it works correctly.

I may be missing something but that's the way things appear to me. Is
there any danger in having pserver run as root? inetd.conf contains
many other services running as root. I realize that ANY service running
as root or otherwise introduces certain vulnerabilities.

Thanks for any clarification anyone can provide.
Andrew



Can you use pserver with multiple repositories?

2005-07-06 Thread foomonkey
I have a directory named /cvs in which I would like to place several
CVS repositories. I began with creating a repository (cvs -d /cvs init)
in the /cvs directory and configuring pserver. This all works well and
I can access the repository from remote machines with something like:

cvs -d :pserver:[EMAIL PROTECTED]:/cvs login

But... I wanted to create subrepositories like /cvs/mq, /cvs/java,
etc. This works fine as well, as long as I am on the machine where I
have created the repositories. I can do things like, cvs -d /cvs/mq
import..., and that works fine.

The problem comes when I try to use pserver to access one of the
subrepositories from a remote machine like:

cvs -d :pserver:[EMAIL PROTECTED]/cvs/mq login

I get an error: no such repository.

Is this because the entry in inetd.conf specifies --allow-root=/cvs ?
In other words, pserver only knows about the one repository which
exists in /cvs. It doesn't look for the one I specify on the command
line on the remote computer.

So the question is, can you only use a single repository on a given
machine where pserver is configured? No subrepositories?

Thanks in advance.
Andrew
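
The three situations described in these posts (several pserver users mapped to one system account, a non-root server asked to switch to another user, and a repository root outside --allow-root) can be checked statically from the two configuration files. The check below is an added example, not code from the posts or from CVS; the inetd.conf line, the user names and PLACEHOLDERHASH are constructed, and it assumes a plain user name in the inetd.conf user field.

```python
# Added example, not from the original posts; all sample data is constructed.
import shlex

INETD_LINE = ("cvspserver stream tcp nowait cvsadm /usr/bin/cvs "
              "cvs -f --allow-root=/cvs pserver")
PASSWD = ("usera:PLACEHOLDERHASH:cvsadm\nuserb:PLACEHOLDERHASH:cvsadm\n"
          "userc:PLACEHOLDERHASH:userc\n")


def parse_inetd(line):
    """Return (run-as user, allowed roots) from a cvspserver inetd.conf entry."""
    fields = shlex.split(line)
    roots = [f.split("=", 1)[1] for f in fields[6:]
             if f.startswith("--allow-root=")]
    return fields[4], roots


def parse_passwd(text):
    """Map CVS user -> system user; an absent third field means the same name."""
    mapping = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        parts = line.split(":")
        mapping[parts[0]] = parts[2] if len(parts) > 2 and parts[2] else parts[0]
    return mapping


def audit(inetd_line, passwd_text, requested_root):
    """List configuration findings for one requested repository root."""
    run_as, roots = parse_inetd(inetd_line)
    findings = []
    if requested_root not in roots:
        findings.append(f"{requested_root}: not listed in --allow-root")
    shared = {}
    for cvs_user, sys_user in parse_passwd(passwd_text).items():
        shared.setdefault(sys_user, []).append(cvs_user)
        # Only root may change to another uid/gid (setgroups/setgid/setuid).
        if run_as != "root" and sys_user != run_as:
            findings.append(f"{cvs_user}: server runs as {run_as}, "
                            f"cannot switch to {sys_user}")
    for sys_user, users in shared.items():
        if len(users) > 1:
            findings.append(f"{sys_user}: shared by {', '.join(users)}, "
                            "file modes cannot separate them")
    return findings


if __name__ == "__main__":
    for finding in audit(INETD_LINE, PASSWD, "/cvs/mq"):
        print(finding)
```

CVS accepts the --allow-root option more than once, so each repository the server should serve gets its own entry on the inetd.conf line.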
