Help in locking
Hello, I want to implement locking (read and/or write) facility for users (especially for those having system user ID) in my CVS server which is running in RedHat Linux 7.0. Can any one help me to do this? Also I don't have any idea how to setup password protection for whose not having system user ID. Sofar i just included anonymous user name without password protection. Even if they are able to login using "cvs login" command, they are not able to read and/or write the modules. ie., so far only my system user ID's are used to checkout modules and update anything inside the modules. So please help me to implement locking (read and/or write) to secure my system from loss of data by those having system user ID. thanks, Yours, Kalimuthu Pothi. __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
user read rights
Hi, i need to restric users from reading several cvs folders in repository. Onlyone usergroup should have access to the folder, others should not be able read from it. If I set the user rights on folders, the Wincvs reports errors - it can not perform "find" in these folders even if users dont want to work withthese folders from repository. But I'd like to keep these errors invisible for users. Is there any way to do this? Whats the regular way/common pratice doing these read rights? Thanks -NilsJ
chroot_cvssh.c
Hi.
Feel free to check the attached file for errors/(security problems) and
let me know what you think.
/* chrooted cvs-(ssh)-shell [EMAIL PROTECTED]
[0x00] what is it
It's a (secure?) "shell" to use cvs with ssh without
the need to give cvs-users an interactive shell.
I hacked this together yesterday afternoon.
First i used a stunnel + cvs solution.
This cvssh solution is smaller, faster, crypted, chrooted and
doesn't depend on cvspserv.
User management and auth. is pretty easy. We use /etc/passwd and
and the present unix file permissions.
We just give the user who wants to use cvs but we dont
want to have on our system (interactive shell) the "chroot_cvssh"
as a shell.
chroot_cvssh can only execute "/bin/cvs server" and nothing else.
[0x01] How to compile
gcc -Wall -O2 -o chroot_cvssh chroot_cvssh.c
[0x02] How to install
cp chroot_cvssh /bin/chroot_cvssh
chmod 4710 /bin/chroot_cvssh
chgrp chrootuser /bin/chroot_cvssh
mkdir /home/chrooted/sshcvs/cvs
mkdir /home/chrooted/sshcvs/bin
(some other directories needed for chrooted env. see list)
[0x03] How to configure
create a user "cvs (800)" with home directory /home/chrooted/sshcvs.
Create a group "cvs (800)". Make the user "cvs" member of
the group "cvs":
cvs:x:800:800:cvs,,,:/home/chrooted/sshcvs:/bin/chroot_cvssh
Create users who should have access to the
cvs-tree (+rw!):
plasmoidcvs:x:801:800:plasmoidcvs,,,:/home/chrooted/sshcvs:/bin/chroot_cvssh
skypercvs:x:802:800:skypercvs,,,:/home/chrooted/sshcvs:/bin/chroot_cvssh
...
(hint hint: they are all members of group "cvs")
Create your repositories in /home/chrooted/sshcvs/cvs
[0x04] How to use
The user can access the cvs via ssh + cvs:
$ export CVSROOT=username@server:/cvs
$ export CVS_RSH=ssh
$ cvs checkout test
Thats it.
[0x05] How to secure
# chown -R root.root CVSROOT
# chattr +i CVSROOT # this is optional...but I'm paranoid!
mount /cvs via loopback-device with noexec flag:
[or if you are as lame as I am creata a fs in a file and mount
the file via loopback]
dd if=/dev/zero of=/home/chrooted/cvs.fs bs=1k count=50
mke2fs /home/chrooted/cvs.fs
mount /home/chrooted/cvs.fs -o loop=/dev/loop6,noexec,nodev \
/home/chrooted/sshcvs/cvs
Here is a listing of files you may need in
your chrooted environement:
Use the permission flags exactly as shown in this list:
drwx--x--x2 root root 4096 Mar 15 17:06 bin
lrwxrwxrwx1 root root1 Mar 15 18:28 chrooted - .
drwxrwsr-x6 cvs cvs 4096 Mar 16 00:16 cvs
drwx--x--x2 root root 4096 Mar 15 17:30 dev
drwxr-xr-x2 root root 4096 Mar 15 22:42 etc
lrwxrwxrwx1 root root1 Mar 15 18:28 home - .
drwx--x--x2 root root 4096 Mar 15 17:24 lib
lrwxrwxrwx1 root root1 Mar 15 17:22 local - .
lrwxrwxrwx1 root root1 Mar 15 18:28 cvs- .
drwxrws---2 root cvs 4096 Mar 16 01:33 tmp
lrwxrwxrwx1 root root1 Mar 15 17:22 usr - .
./bin:
-rwx--x--x1 root root 1511918 Mar 15 23:29 cvs
./cvs:
drwxrwsr-x3 root root 4096 Mar 14 18:03 CVSROOT
drwxrwsr-x3 skypercvs cvs 4096 Mar 16 01:33 test
./cvs/CVSROOT:
drwxrwsr-x3 root root 4096 Mar 14 18:03 .
-rw-rw-r--1 root root 493 Nov 26 23:45 .#checkoutlist
-rw-rw-r--1 root root 760 Nov 26 23:45 .#commitinfo
-rw-rw-r--1 root root 527 Nov 26 23:45 .#config
-rw-rw-r--1 root root 753 Nov 26 23:45 .#cvswrappers
-rw-rw-r--1 root root 1025 Nov 26 23:45 .#editinfo
-rw-rw-r--1 root root 1141 Nov 26 23:45 .#loginfo
-rw-rw-r--1 root root 1151 Nov 26 23:45 .#modules
-rw-rw-r--1 root root 564 Nov 26 23:45 .#notify
-rw-rw-r--1 root root 649 Nov 26 23:45 .#rcsinfo
-rw-rw-r--1 root root 879 Nov 26 23:45 .#taginfo
-rw-rw-r--1 root root 1026 Nov 26 23:45 .#verifymsg
drwxrwsr-x6 root root 4096 Mar 16 00:16 ..
drwxrwsr-x2 root root 4096 Nov 26 23:45 Emptydir
-r--r--r--1 root root 493 Nov 26 23:45 checkoutlist
-r--r--r--1 root root 697 Nov 26 23:45 checkoutlist,v
-r--r--r--1 root root 760 Nov 26 23:45 commitinfo
-r--r--r--1 root root 964 Nov 26 23:45 commitinfo,v
-r--r--r--1 root root 527 Nov 26 23:45 config
-r--r--r--1 root root 731 Nov 26 23:45 config,v
-r--r--r--1 root root 753 Nov 26 23:45 cvswrappers
-r--r--r--1 root root 957 Nov 26 23:45 cvswrappers,v
-r--r--r--1 root root 1025 Nov 26 23:45 editinfo
RE: CVS mail
You could install a mailing list program and mail the messages to it. Then the users could subscribe and set digest mode if they want them consolidated. Eric Anita Chacko wrote: I want to send mail to cvs users only once for every fixed number of commits/updates.How can I achieve this??Can anyone suggest how I can change any scripts? Can I change anything to send a consolidated mail once an hour or so? Pls help as our users are being inundated by mails.Sometimes we get hundreds of mails in a day. File: ATT00107.html ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: how to get username at the time of commit
Kudiyarasan writes: Being a new user of CVS , I do not know how to get the user name of a file at the time of committing that file . http://www.cvshome.org/docs/manual/cvs_18.html#SEC176 env is CVS 1.10.7 + pserver Please upgrade to the current release (1.11), which you can get from www.cvshome.org. -Larry Jones ANY idiot can be famous. I figure I'm more the LEGENDARY type! -- Calvin ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Help in locking
POTHI writes: I want to implement locking (read and/or write) facility for users (especially for those having system user ID) in my CVS server which is running in RedHat Linux 7.0. Can any one help me to do this? What kind of locking? CVS is the *concurrent* versions system, it is not designed for exclusive checkouts. Also I don't have any idea how to setup password protection for whose not having system user ID. http://www.cvshome.org/docs/manual/cvs_2.html#SEC30 Users without a system UID must be mapped to some valid system user in the CVSROOT/passwd file. -Larry Jones I'm so disappointed. -- Calvin ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Revision numbers
Hi! Just from curiosity... I wondering when will a revision number of form n.m change to the form n+1.1 ? If I'm not using cvs co -r n+1.1 is there another case in which CVS will change a revision number from n.m to n+1.1 ? I guess it must be at least one case when m reaches the maximum number of datatype on which is stored.(32 bits?) But is there another possibility too? Thanks in advance, Tamas ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Loginfo uses
Is it possible to set some sort of script to run in loginfo that would, on checkin, edit the version number inside the file. In otherwords, in our files..there would be a line saying something like //Version 1.2.1 We could then write a sed script to change it..however, the problem that I forsee is loginfo would never get the text of the file or anything, just a diff at the most. Maybe I'll looking into the wrong area but I would think that loginfo is where this would have to be placed. Has anyone else got this to work? If I'm totally off base, I'm sure someone will point out my mistake :). Thanks. KS ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Merge algorithm
Hi! I got another question... Is the merge algorithm used by CVS documented somewhere? I would really appreciate if someone could point me to it. Thanks in advance, Tamas ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Revision numbers
Szab Tams [EMAIL PROTECTED] writes: I wondering when will a revision number of form n.m change to the form n+1.1 ? That will only happen if you manually force the revision number in a commit (I forget if this is even an option in cvs - the only time I've ever actually done it is with RCS, which does allow specifying the revision). In general it's best to let CVS decide which numerical revision number to use, and make a symbolic tag for places you want to reference later. I guess it must be at least one case when m reaches the maximum number of datatype on which is stored.(32 bits?) I've never looked at the code to determine that, but it's highly unlikely that anyone will ever make 4 billion revisions of the same file ;-) ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
