Your message dated Sun, 16 Jan 2005 17:12:56 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#288609: cvs: upgrading ignores user configured in inet.d -
always sets as 'root'
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Jan 2005 16:28:41 +0000
From: Sergio Miguel Fernandes <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: cvs: upgrading ignores user configured in inet.d - always sets as
'root'
X-Mailer: reportbug 3.5
Date: Tue, 04 Jan 2005 16:28:35 +0000
Package: cvs
Version: 1:1.12.9-9
Severity: important
Hi,
I have a cvs pserver running with the following line in /etc/inetd.conf:
cvspserver stream tcp nowait.400 someuser /usr/sbin/tcpd /usr/sbin/cvs-pserver
Whenever I upgrade the cvs package (or run dpkg-reconfigure) it
gets changed to:
cvspserver stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/cvs-pserver
I think that this is at least an important bug, because if I forget
to change inetd.conf every time I upgrade then I get a less secure
system. I admit I was tempted to file the bug as critical, but as this
is my first bug report I think I got unsure about it. :-)
Would it be possible to add a debconf option to choose the user
under which pserver should run, or at least keep any existing
configuration?
Thanks,
Sergio Fernandes
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages cvs depends on:
ii debconf 1.4.41 Debian configuration management sy
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii zlib1g 1:1.2.2-4 compression library - runtime
-- debconf information:
cvs/rotatekeep: 7
cvs/badrepositories: create
cvs/pserver_warning:
cvs/rotatekeep_nondefault: no
cvs/rotate_individual: true
cvs/pserver_repos_individual: true
* cvs/pserver_setspawnlimit: true
cvs/rotatekeep_individual: 7
* cvs/pserver_repos: all
* cvs/pserver: true
cvs/cvs_conf_is_dead:
* cvs/repositories: /cvsroot
* cvs/pserver_spawnlimit: 400
* cvs/rotatehistory: no
* cvs/pserver/_cvsroot: true
---------------------------------------
Received: (at 288609-done) by bugs.debian.org; 16 Jan 2005 17:13:17 +0000
Date: Sun, 16 Jan 2005 17:12:56 +0000
From: Steve McIntyre <[EMAIL PROTECTED]>
To: Sergio Miguel Fernandes <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: Re: Bug#288609: cvs: upgrading ignores user configured in inet.d -
always sets as 'root'
On Tue, Jan 04, 2005 at 04:28:35PM +0000, Sergio Miguel Fernandes wrote:
>Package: cvs
>Version: 1:1.12.9-9
>Severity: important
>
>Hi,
>
>I have a cvs pserver running with the following line in /etc/inetd.conf:
>cvspserver stream tcp nowait.400 someuser /usr/sbin/tcpd /usr/sbin/cvs-pserver
>
>Whenever I upgrade the cvs package (or run dpkg-reconfigure) it
>gets changed to:
>cvspserver stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/cvs-pserver
>
>I think that this is at least an important bug, because if I forget
>to change inetd.conf every time I upgrade then I get a less secure
>system. I admit I was tempted to file the bug as critical, but as this
>is my first bug report I think I got unsure about it. :-)
>
>Would it be possible to add a debconf option to choose the user
>under which pserver should run, or at least keep any existing
>configuration?
There's no need. The pserver needs to run as root, as it does
authentication itself to allow multiple users to log in and run cvs
commands as themselves. If you want to lock cvs down, you can disable
system authentication and/or PAM authentication and use the cvs
password file instead.
--
Steve McIntyre, Cambridge, UK. [EMAIL PROTECTED]
"I've only once written 'SQL is my bitch' in a comment. But that code
is in use on a military site..." -- Simon Booth
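Added example, not part of the thread or of the Debian cvs package: a shell check for the lockdown described in the reply. It reports which user inetd starts the pserver as, whether CVSROOT/config sets SystemAuth=no, and which CVSROOT/passwd logins map to the system user root. Function names, paths and accounts are constructed for illustration, and only the literal value "no" is recognised.

```shell
#!/bin/sh
# Added example: audit a CVS pserver setup. All paths and accounts below are constructed.

# Run-as user (5th inetd.conf field) of the active, uncommented cvspserver entry.
pserver_inetd_user() {
    awk '$1 == "cvspserver" { print $5; exit }' "$1"
}

# Succeeds only if CVSROOT/config contains SystemAuth=no. Without that line CVS
# falls back to system passwords for users missing from CVSROOT/passwd.
system_auth_disabled() {
    awk -F= '/^[ \t]*#/ { next }
             { gsub(/[ \t\r]/, "") }
             $1 == "SystemAuth" { v = $2 }
             END { exit (v == "no" ? 0 : 1) }' "$1"
}

# CVSROOT/passwd lines are login:hash[:system_user]; with no third field the
# server runs as the system user named like the login. Print logins that map to root.
root_mapped_logins() {
    awk -F: '/^[ \t]*(#|$)/ { next }
             { run_as = ($3 != "" ? $3 : $1); if (run_as == "root") print $1 }' "$1"
}

# Print findings for one repository; the exit status is the number of findings.
audit_pserver() {   # usage: audit_pserver INETD_CONF REPOSITORY
    findings=0
    echo "inetd runs cvspserver as: $(pserver_inetd_user "$1")"
    if ! system_auth_disabled "$2/CVSROOT/config"; then
        echo "FINDING: SystemAuth is not 'no', system passwords are accepted"
        findings=$((findings + 1))
    fi
    for login in $(root_mapped_logins "$2/CVSROOT/passwd"); do
        echo "FINDING: CVS login '$login' runs as system user root"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample: inetd.conf line as in the report, one bad passwd mapping.
make_sample() {   # usage: make_sample DIR
    mkdir -p "$1/repo/CVSROOT"
    echo 'cvspserver stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/cvs-pserver' > "$1/inetd.conf"
    printf '# constructed\nSystemAuth=no\n' > "$1/repo/CVSROOT/config"
    printf 'alice:HASH-PLACEHOLDER:cvsanon\nadmin:HASH-PLACEHOLDER:root\n' > "$1/repo/CVSROOT/passwd"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_pserver "$demo/inetd.conf" "$demo/repo" || echo "findings: $?"
rm -rf "$demo"
```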