Re: Right Permissons !?

[Greg A. Woods]

[ On Thursday, September 27, 2001 at 15:24:05 (-0700), Chris Barker wrote: ]
> Subject: Re: Right Permissons !?
>
> After reading this mailing list for a day, that seems to be pretty
> clear. Unfortunately, while I'm sure the info is there in the manual,
> going through it to figure out how to set it up did not make thaqt
> clear. It's time for me to figure out how to use rsh instead. I'm right
> now reading the section: "Connecting with rsh", and I'm still somewhat
> confused.

Connecting with RSH is really trivial.  You just make sure that you can
do something like "rsh cvs.server.host date" (i.e. successfully run the
'date' command on the CVS server host) and then use the ":ext:" method
in your CVSROOT specification.  (The manual gives another slightly more
specific test that might be needed if you have a different user-id on
the server host, but hopefully you can avoid that.)

If you want to use SSH it's just about as easy.  Do the same test, but
with "ssh", then set CVS_RSH=ssh in your environment.  All the rest
works the same (i.e. with ":ext:" in your CVSROOT setting).

Any other issues are really specific to RSH or SSH themselves, such as
setting the path (or CVS_SERVER), etc.

> The remote users are running windows and WinCVS: can they use rsh? all
> the examples I see are for pserver. I'll keep RTFMing ...

I dunno about RSH on M$-Windoze -- there are nasty issues if you have
the wrong RSH/RSHd implementation(s).  But I do know that SSH works OK
with WinCVS.  The best instructions on setting up the WinCVS client for
SSH are probably those published by SourceForge.net.

> OK, and I did chmod g+s on all the directories, and set all of them to
> group cvs. It still doesn't work. A remote user on WinCVS adds a
> directory, puts a file in it and adds that, and all seems fine from
> there, but non of the other users get that new directory when they do an
> update.

You'll have to post some 'ls -la' listings of the relevant repository
directories, and document which users are members of which groups, etc.,
as well as show cut&paste commands and errors so that someone on the
list might be able to help.  Note that you can probably run CVS from the
command.com prompt on M$-Windoze and that might make it easier to show
us what's not working and what it says when it fails.

For Linux you might also want to specify the kernel version, filesystem
mount options, filesystem types, etc.  There are many variables!  ;-)
With *BSD the defaults are mostly "right" for CVS, but as Larry says
there can be issues on Linux.

-- 
Greg A. Woods

+1 416 218-0098  VE3TCP  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: merge or branch?

[Rachman Chavik]

At 23:42 27/09/2001 +, you wrote:
>Development continues down branchA, and a new directory, with new files,
>gets added and committed on branchA.  This new directory is obviously not on
>branchB, since it was created after branchA was created.

I would suggest that you perform the new additions from the mainline (HEAD)
whenever you add new directory and files.  To get these files down the branch,
you'll need to 'branch' these additions.

Why? Well, firstly, files added in the branch would be stored in the Attic
directory.  Secondly, I experienced some problems in merging these
type of files back to the HEAD branch.

>Question: how does one get the new directory from branchA onto branchB?
>
>2. branch the new files in the new directory using the branchB branch tag.
>In other words: cvs tag -b branchB newfilename.
>
>My thoughts are option #2 will create another branch, with the same name
>(branchB) in cvs.  I believe that option 2 will give my colleague what he
>wants, but I still believe two separate branches were created and merging
>would have been the better way to go as it would have brought the files over
>to the original branchB branch.

I prefer your option #2.  I think CVS does not differentiate between the two
'branch'. Your colleague will simply need to update his local work directory:

 cvs update -r branchB

Rachman


_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

merge or branch?

[Christine & Freight]

Hey Folks~

I am having a dispute with a co-worker over how to do something in CVS.  I
was wondering if anyone out there can help?  Here's the situation:

A branch (let's call it branchA) gets created off the main line.  Then, at
some point in time, a branch (branchB) gets created off of branchA.

Development continues down branchA, and a new directory, with new files,
gets added and committed on branchA.  This new directory is obviously not on
branchB, since it was created after branchA was created.

Question: how does one get the new directory from branchA onto branchB?

We have two answers:

1. merge the directory from branchA to branchB.  I had a little trouble
coming up with the command to do this (I am new to CVS), but that was the
obvious answer to me. (in a branchA sandbox, do a cvs update -j branchB
filename, or dirname)

2. branch the new files in the new directory using the branchB branch tag.
In other words: cvs tag -b branchB newfilename.

My thoughts are option #2 will create another branch, with the same name
(branchB) in cvs.  I believe that option 2 will give my colleague what he
wants, but I still believe two separate branches were created and merging
would have been the better way to go as it would have brought the files over
to the original branchB branch.

Any opinions?

Thanks so much!
~Christine


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Traversing a CVS repository

[Chalmers, Tim]

Does anyone know how I can traverse the directories and files stored in a
CVS repository?  I'll be doing this from PERL.






___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Right Permissons !?

[Chris Barker]

Larry Jones wrote:
> a directory, you have to set the SGID bit (chmod g+s) on the directory.
> You probably want to go ahead and do that to all of the directories in
> your repository, with the possible exception of the CVSROOT directory.

Thanks, I've got that now.

"Greg A. Woods" wrote:
> It's really quite simple once you understand unix-style file and
> directory access controls and once you understand how RCS operations are
> done on repository files.

I figured as much but my understanding of both of those is still pretty
sketchy...

> Well, there's the source of one of your confusuions -- you really do not
> want to use cvspserver for anything but anonymous read-only access.  Use
> real accounts and use RSH/SSH for remote client access.

After reading this mailing list for a day, that seems to be pretty
clear. Unfortunately, while I'm sure the info is there in the manual,
going through it to figure out how to set it up did not make thaqt
clear. It's time for me to figure out how to use rsh instead. I'm right
now reading the section: "Connecting with rsh", and I'm still somewhat
confused.

The remote users are running windows and WinCVS: can they use rsh? all
the examples I see are for pserver. I'll keep RTFMing ...

> Because that's the way unix-style file and directory access controls
> dictate that RCS operations can be performed.

Thanks, I think I'm getting it now.

> Don't worry about the files (so long as they are mode 0444).  Only the
> directories matter.

OK, and I did chmod g+s on all the directories, and set all of them to
group cvs. It still doesn't work. A remote user on WinCVS adds a
directory, puts a file in it and adds that, and all seems fine from
there, but non of the other users get that new directory when they do an
update.

> If you're still having problems then they may be in part due to the use
> of cvspserver.
> 
> Turn off pserver and use RSH/SSH instead.

Maybe that will take care of it. If I can jsut figure out how to get it
to work with WinCVS

Thanks for your help.

-Chris



-- 
Christopher Barker,
Ph.D.   
[EMAIL PROTECTED] ---   ---   ---
http://members.home.net/barkerlohmann ---@@   -@@   -@@
   --@@@ --@@@ --@@@
Oil Spill Modeling--   @--   @   --   @
Water Resources Engineering   ---  - 
Coastal and Fluvial Hydrodynamics --


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: cvs for Solaris 7

[Martín Marqués]

On Jue 27 Sep 2001 09:34, you wrote:
> "Li, Jerry" wrote:
> > Hi, there:
> >
> > Do I have to use a specific version of CVS for Solaris 7? I could not
> > find any package for Solaris 5 on http://www.cvshome.org/unix/sunos.
> > However, I got the one for Solaris 2.6. Could I use it to install cvs on
> > Solaris 7.
> >
> > thanks,
> >
> > Jerry
>
> Theoretically, yes. You only need to install the cvs binary to find out. On
> the other hand, building from source is usually preferred.

We have it running on both Solaris 7 and Solaris 8.

Saludos... :-)

-- 
Porqué usar una base de datos relacional cualquiera,
si podés usar PostgreSQL?
-
Martín Marqués  |[EMAIL PROTECTED]
Programador, Administrador, DBA |   Centro de Telematica
   Universidad Nacional
del Litoral
-

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

All files appear to be modified

[jeroen]

Hi,

I'm using wincvs1.2 on a win200 client with a linux server. When I checkout
a module from the server all the files in that directory immediately appear
to be modified (are red)!
The time and timezone on both machines are exactly the same so that
shouldn't be a problem. The only thing I can think of is that when I
installed wincvs both the timezone and the date were wrong but I corrected
that problem so...

Can anyone tell what could be causing this problem?

Thanks,

Jeroen


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: As if there wasn't enough discussion about access control...

[Greg A. Woods]

[ On Thursday, September 27, 2001 at 11:05:30 (-0700), Jimmy Rimmer wrote: ]
> Subject: As if there wasn't enough discussion about access control...
>
> I've set up CVS on a Linux server.  We access it over SSH.
> 
> Currently, access is through group permissions; if you're a member of the
> 'cvs' group on the Linux box, you have full access the repository.  But if
> you're not...

very good!

> I'd like to be able to establish some sort of "checkout-only" access for the
> folks in marketing.  Is there a way to create such a thing using Unix file
> permissions?  Or do I need to dig into the administrative files?

You're most of the way there.

I'm guessing the marketing folks don't need 100% guaranteed integrity
for their read-only access.  If that's so then you can probably do best
with a nifty little patch that the NetBSD folks created to provide a new
'-u' option to not recate read-locks (and also implicitly turns off
history logging too).  Just put the marketing guys in a separate group
that has no write acess to any part of the repository and tell them to
use "cvs -u".  You can find these patches in the following files:

ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-ak
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-al
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-am
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-an
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-ao
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-ap
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-aq
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-ar
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/pkgsrc/devel/cvs/patches/patch-as

(it sure would be nice if all of the NetBSD patches made it into the
common public version of CVS too -- they are all highly useful!)

Otherwise you'll have to use the "LockDir" config feature.  Search for
"LockDir" in the manual.

-- 
Greg A. Woods

+1 416 218-0098  VE3TCP  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Right Permissons !?

[Greg A. Woods]

[ On Thursday, September 27, 2001 at 11:15:56 (-0700), Chris Barker wrote: ]
> Subject: Re: Right Permissons !?
>
> I'm all confused by permissions in the repository. First my problem:

It's really quite simple once you understand unix-style file and
directory access controls and once you understand how RCS operations are
done on repository files.

> I set up a repository on my linux box, and have people accessing it with
> the pserver method (all folks accessing the server have accounts on the
> box).

Well, there's the source of one of your confusuions -- you really do not
want to use cvspserver for anything but anonymous read-only access.  Use
real accounts and use RSH/SSH for remote client access.

> I took a look at the directory hierarchy, and noticed that each file was
> owned by the user or added (or last updated?) it. I'm imagining that
> that is the source of the problem.

No, not likely -- that's normal and indented behaviour.

> Why is CVS designed this way?

Because that's the way unix-style file and directory access controls
dictate that RCS operations can be performed.

>From the CVS Manual:

File permissions


   All `,v' files are created read-only, and you should not change the
permission of those files.  The directories inside the repository
should be writable by the persons that have permission to modify the
files in each directory.  This normally means that you must create a
UNIX group (see group(5)) consisting of the persons that are to edit
the files in a project, and set up the repository so that it is that
group that owns the directory.

   This means that you can only control access to files on a
per-directory basis.

The important thing to understand is that in a unix filesystem the right
to write to a directory controls the integrity of the files within
(except for their ownership on some systems).  If I can write to a
directory then I can remove any file and create any new file (and on
some systems I can even cause any file I own to be owned by someone
else, though this is a less common capability on modern systems).

In other words if I have write access to a repository directory (as well
as read and search access, of course) then I can commit changes to any
,v file within it.

> I did follow suggestions in the docs, and create a cvs group, and add
> all the users that access cvs to that group, but the files (and new
> directories) get created with primary group of the creater (users),
> rather than group cvs.

Don't worry about the files (so long as they are mode 0444).  Only the
directories matter.

If you're still having problems then they may be in part due to the use
of cvspserver.

Turn off pserver and use RSH/SSH instead.

-- 
Greg A. Woods

+1 416 218-0098  VE3TCP  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS access control

[Greg A. Woods]

[ On Thursday, September 27, 2001 at 20:08:45 (+0400), Tobias Brox wrote: ]
> Subject: Re: CVS access control
>
> I'm quite sick of internet banking services where the bank (of course)
> states "this solution is 100% secure!".  Most of the services I've seen have
> no security at all against possible trojan horses at the client computers -
> anyone with root permissions and enough knowledge and skills might hijack
> the session.

Not to mention almost no real authentication of the client user in the
first place

> To get back to where this discussion started - we were discussing
> possibilities for adding ACL into cvs.  If CVS had ACLs, and they were
> securly implemented, it wouldn't help at all, you said, because the user
> anyway could go directly to the repository and do whatever he liked.  That's
> not so true - the _documentation_ must clearly tell about this possibility,
> and what countermeasures the system administrator might do to cover it up.

Some database engines (well, actually, most of the good ones) implement
internal ACLs on tables and records because in a carefully designed
database (i.e. application using a database), such ACLs can make it much
easier to implement a security policy that specifies detailed privacy,
integrity, and accountability for given data and data relationships.

However as yet nobody's really identified any generic security policy
requirements for CVS that cannot be implemented with filesystem ACLs.
The best that's been presented so far are some generic process level
controls which would not necessarily be applied on a per-file basis,
such as the right to create or delete tags.  The "cvsadmin" feature
could be extended or duplicated to cover tagging.  It wouldn't be any
more secure than the "cvsadmin" feature is of course, but it would
provide a simple way to provide run-time visible security policy
guidelines which could be more properly enforced with less stringent
technical controls such as accountability audits.

Finally, you're right about qualifying the "securely implemented" part,
but perhaps not for the reasons you think.  None of the proposals for
ACLs in CVS have considered the issue of secure implementation.  Perhaps
that's because deep down people realise that any such consideration
would prove that trying to securely implement ACLs in CVS would either
require a fundamental ground-up re-design; or would not be possible at
all.  CVS was knowingly designed _without_ security in mind and it
definitely shows.  This isn't necessarily a bad thing, but it does place
very certain limits on what kinds of security features can be
successfully added to CVS (i.e. hardly any! ;-).

In the end one really has to wonder what's to be gained by trying to add
internal ACL support to a versioning system.  Several far more important
factors mitigate this need, and I would claim mitigate it into nothing.
For one a versioning system is, by definition, providing a detailed
audit trail that can very very very easily be used to enforce
accountability (and any user who doesn't realise this and thus instantly
realise the risk of trying to do something they're not explicitly
authorised to do is probably not sane in the first place! :-)  Another is
of course that the level of trust between the members of a group working
on a given module in a given repository is necessarily much higher than
it would ever be in the example of a group of users using a database
application.

(having accountability in CVS of course presumes you never use cvspserver :-)

> Still - security through obscurity /is/ better than no security at all!

Nope, not true at all.  Security by obscurity leads to a false sense of
security, and as pretty well every rational sane person in North America
should realise by now there's really nothing worse than a false sense of
security!

-- 
Greg A. Woods

+1 416 218-0098  VE3TCP  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

RE: Moving CVS Repository

[Joseph Natar]

Title: RE: Moving CVS Repository





What we are planning  to do is to keep the same hostname and the path to the repository. Hence it will be transparent to the users when it comes up.

Thanks


joe


-Original Message-
From: David Taylor [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001 1:37 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Moving CVS Repository



Kaz Kylheku wrote:


> In article <[EMAIL PROTECTED]>, Cornellious Mann wrote:
> >If I want to move my CVS repository (let's say from NT
> >to Unix), can I simply copy everything under CVSROOT
> >into my new CVSROOT?  Thanks.
>
> You can, however the existing users will be left stranded, pointing
> to the old repository.
>


If the old repository was accessed via a DNS alias - rather than actual host name
(or IP address) - and the path of the new repository is the same, then pointing
that alias to the the host of the new repository points all checked out
directories to the new repository.


dtayl




___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: As if there wasn't enough discussion about access control...

[Kaz Kylheku]

In article <[EMAIL PROTECTED]>, Jimmy Rimmer wrote:
>I've set up CVS on a Linux server.  We access it over SSH.
>
>Currently, access is through group permissions; if you're a member of the
>'cvs' group on the Linux box, you have full access the repository.  But if
>you're not...
>
>I'd like to be able to establish some sort of "checkout-only" access for the
>folks in marketing.

Since they probably use Windows, you can give them a hacked version in WinCVS
which has all elements related to committing removed.

> Is there a way to create such a thing using Unix file
>permissions?  Or do I need to dig into the administrative files?

The easiest way is to make a ``cvsusers'' group and put all the developers
into it. Ensure that only cvsusers have write access to files and
directories; all other users have read-only access.

Don't forget to enable the setgid bit on all directories, so that newly
created files and subdirectories inhert the group ownership.

In addition, ensure that umask is set up properly in /etc/profile
(or wherever it may be) with at least 002 to deny writing to others.
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

RE: CVS access control

[Greg A. Woods]

[ On Thursday, September 27, 2001 at 16:09:27 (+0100), Andrew McGhee wrote: ]
> Subject: RE: CVS access control
>
> I'm keen to hear what is recommended, we where toying with
> the idea of SSH tunnelling to a pserver CVS server - if this is
> even possible - ?

Of course SSH tunnelling of pserver is possible.  But it's a bad idea.

Sure it'll give you encryption, but then you're going to turn around and
use CVS as your security application depsite already having SSH?  BAD.

Just use SSH and learn to use your filesystem and operating system for
access control.

-- 
Greg A. Woods

+1 416 218-0098  VE3TCP  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: As if there wasn't enough discussion about access control...

[Larry Jones]

Jimmy Rimmer writes:
> 
> Currently, access is through group permissions; if you're a member of the
> 'cvs' group on the Linux box, you have full access the repository.  But if
> you're not...
> 
> I'd like to be able to establish some sort of "checkout-only" access for the
> folks in marketing.  Is there a way to create such a thing using Unix file
> permissions?  Or do I need to dig into the administrative files?

You can do it with file permissions -- simply give "other" read access
to the files and read/execute access to the directories.  You'll also
need to set LockDir in your CVSROOT/config file to some world-writable
directory for the lock files.

-Larry Jones

It's a Doofus Ignoramus!  Our hero slowly reaches for his stun blaster!
-- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Right Permissons !?

[Larry Jones]

Chris Barker writes:
> 
> Why is CVS designed this way? I would expect that all the files put in
> the repository by cvs would have the ownership and permissions set by
> cvs, and so all be the same (the same as the user running cvs--root?)

When using pserver, CVS only runs as root long enough to validate the
user's password.  Once that's done, CVS switches user and runs as the
real user.  That allows you to use normal filesystem permissions to
control what users can do.

> I did follow suggestions in the docs, and create a cvs group, and add
> all the users that access cvs to that group, 

If you were running one of the BSD Unixes rather than Linux, that's all
you would have to do since on BSD Unixes newly created files and
directories get their group from their parent directory rather than from
the creating process.

> but the files (and new
> directories) get created with primary group of the creater (users),
> rather than group cvs.

That's because Linux uses AT&T Unix filesystem semantics rather than BSD
Unix filesystem semantics by default.  To get it to use BSD semantics in
a directory, you have to set the SGID bit (chmod g+s) on the directory. 
You probably want to go ahead and do that to all of the directories in
your repository, with the possible exception of the CVSROOT directory.

-Larry Jones

Isn't it sad how some people's grip on their lives is so precarious
that they'll embrace any preposterous delusion rather than face an
occasional bleak truth? -- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: large file hangs/fails

[Kaz Kylheku]

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>cvs [commit aborted]: cannot read /usr/local/cvsroot/stefan1/MSDEx86.exe,v: 
>Input/output error

[ snip ]

>Does anyone have any ideas on how I can solve this problem?

What makes you convinced that this is a CVS problem? 

The *operating system* is aborting a file read with I/O error. 

It's a problem that may be caused by corruption of the filesystem,
a damaged disk surface, faulty hardware, a bad disk driver, etc.

You should read:

http://www.tuxedo.org/~esr/faqs/smart-questions.html

>I'm trying to migrate my company's source from MS SourceSafe to CVS,
>and I really want this to work. 

Then set up a reliable CVS server that doesn't give you I/O errors on disk
reads. Doh!
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

As if there wasn't enough discussion about access control...

[Jimmy Rimmer]

I've set up CVS on a Linux server.  We access it over SSH.

Currently, access is through group permissions; if you're a member of the
'cvs' group on the Linux box, you have full access the repository.  But if
you're not...

I'd like to be able to establish some sort of "checkout-only" access for the
folks in marketing.  Is there a way to create such a thing using Unix file
permissions?  Or do I need to dig into the administrative files?

-
Jimmy Rimmer, [EMAIL PROTECTED]  http://mp3.com/Rimbo?edSig
-
   ``Are all men from Texas loud-mouthed braggarts?''
 ``Just me, baby.  Just me.''

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS access control

[Tobias Brox]

[Andrew McGhee - Thu at 06:18:24PM +0100]
> But - for external access, we need to encrypt the connection to the server,
> so I am hoping there is some method of doing SSH tunnelling (not using the
> standard SSH connection method, as per WinCVS).

Read the ssh documentation.

The ssh tunnel can only be initiated by someone that have access to the cvs
server.  This might be a limitation.  Anyway, I guess it's possible to make
i.e. one "tunnel" user that has a well-known password, and that can't run a
shell.

To initiate a tunnel, read the CVS manual - I think the right option is
"-L".  The tunnel works by forwarding connections - i.e. any connections to
the pserver port at localhost (the client computer) can be forwarded over
the tunnel to pserver port at the remote host (CVS server).

At the remote host, you might restrict the access for the pserver port down
to just localhost.

I haven't thought much through this suggestion, but I guess it should work
and be secure.

-- 
Unemployed hacker
Will program for food!
http://ccs.custompublish.com/

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: moving cvs repository from one machine to another

[PRUDHVIDHAR lingala]

Once you setup the CVS server on new system

1) Just copy the entire CVS repository from old 
server and put it on new system
2) do following on the new cvs server
cvs -d  init
3) check whether you are able to access the new
server's repository
4) Cut off the access to the cvs repository on old
system


 --- Joseph Natar <[EMAIL PROTECTED]> wrote: > Hi:
> 
> We merged with another company recently and we took
> over there cvs server.
> The server was very unstable due to OS and Hardware
> issues. We are planning
> to move to another machine. I read thru most of the
> manual and found that
> after installing, initializing, unix permissions and
> setting up pserver, we
> plan to migrate  the old repository filesystem to
> the new one. If anyone has
> done this before and has any  advice, please let me
> know.
> 
> Thanks
> 
> 
> Joe Natar
> Quality Tools Engineering
> Ventro Corporation
> 650-903-5535  
> [EMAIL PROTECTED]
> 
> 
> 
> 
>  


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Right Permissons !?

[Chris Barker]

Hi all,


I'm all confused by permissions in the repository. First my problem:

I set up a repository on my linux box, and have people accessing it with
the pserver method (all folks accessing the server have accounts on the
box).  All was fine and dandy, until recently, when one of the remote
users added a directory to the project (using WinCVS, if that is
relevant). It seemed to work on his end, but none of the other users got
the new directory with an update. When I add a directory from a user
account on the same box running the CVS server, it is seen by everyone.

I took a look at the directory hierarchy, and noticed that each file was
owned by the user or added (or last updated?) it. I'm imagining that
that is the source of the problem. So my questions are:

How do I set this up so it works? (obviously the big question)

Why is CVS designed this way? I would expect that all the files put in
the repository by cvs would have the ownership and permissions set by
cvs, and so all be the same (the same as the user running cvs--root?)

I did follow suggestions in the docs, and create a cvs group, and add
all the users that access cvs to that group, but the files (and new
directories) get created with primary group of the creater (users),
rather than group cvs.

I have run Linux as a workstation for years, but have been the only user
on the system, so I have never had to deal with this kind of thing...
I'm pretty clueless.

thanks,

-Chris





-- 
Christopher Barker,
Ph.D.   
[EMAIL PROTECTED] ---   ---   ---
http://members.home.net/barkerlohmann ---@@   -@@   -@@
   --@@@ --@@@ --@@@
Oil Spill Modeling--   @--   @   --   @
Water Resources Engineering   ---  - 
Coastal and Fluvial Hydrodynamics --


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

moving cvs repository from one machine to another

[Joseph Natar]

Title: moving cvs repository from one machine to another





Hi:


We merged with another company recently and we took over there cvs server. The server was very unstable due to OS and Hardware issues. We are planning to move to another machine. I read thru most of the manual and found that after installing, initializing, unix permissions and setting up pserver, we plan to migrate  the old repository filesystem to the new one. If anyone has done this before and has any  advice, please let me know.

Thanks



Joe Natar
Quality Tools Engineering
Ventro Corporation
650-903-5535        
[EMAIL PROTECTED]

RE: Possible to use PAM as authentication on linux?

[Kostur, Andre]

Title: RE: Possible to use PAM as authentication on linux?





There's also a patch floating around which will allow the pserver method to use PAM to resolve the password.


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 26, 2001 12:32 PM
> To: Johnny Ljunggren
> Cc: [EMAIL PROTECTED]
> Subject: Re: Possible to use PAM as authentication on linux?
> 
> 
> [ On Wednesday, September 26, 2001 at 11:40:32 (+0200), 
> Johnny Ljunggren wrote: ]
> > Subject: Possible to use PAM as authentication on linux?
> >
> > Is it, and if so, how?
> 
> Anything SSH can use
> 
> -- 
>                           Greg A. Woods
> 
> +1 416 218-0098  VE3TCP  <[EMAIL PROTECTED]> 
> <[EMAIL PROTECTED]>
> Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird 
> <[EMAIL PROTECTED]>
> 
> ___
> Info-cvs mailing list
> [EMAIL PROTECTED]
> http://mail.gnu.org/mailman/listinfo/info-cvs
> 

RE: CVS access control

[Andrew McGhee]

Yes - love the idea of pserver keeping usernames / passwords independant of
the OS, and keeping cvs running as non-root.

But - for external access, we need to encrypt the connection to the server,
so I am hoping there is some method of doing SSH tunnelling (not using the
standard SSH connection method, as per WinCVS).

Unsure if this is possible, or if we should look at using pserver over SSL
connection instead.

Andrew

-Original Message-
From: Tobias Brox [mailto:[EMAIL PROTECTED]]
Sent: 27 September 2001 16:26
To: Andrew McGhee
Cc: [EMAIL PROTECTED]
Subject: Re: CVS access control


[Andrew McGhee - Thu at 04:09:27PM +0100]
> I'm keen to hear what is recommended, we where toying with
> the idea of SSH tunnelling to a pserver CVS server - if this is
> even possible - ?

Why shouldn't it be? :-) If you absolutely are sure that pserver is better
than ssh for your needs ... then go ahead!

-- 
Unemployed hacker
Will program for food!
http://ccs.custompublish.com/

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Linux installation

[Matt Riechers]

> Alex Flores wrote:
> 
> 
> 
> Does anybody know where to find Linux client installation notes?
> 
> Thanks in advance,
> 
> Alex

If you're installing from source, the docs are with the source. If you are
installing a pre-built binary, just put wherever you want. There's nothing
special to do.

-Matt

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: AW: loginproblem using the pserver-method

[rhelms]

Am Don, 27 Sep 2001 schrieb [EMAIL PROTECTED]:
> Hi,
> 
> > >cvs [login aborted]: recv() from server linux: Die Verbindung wurde vom
> > >Kommunikationspartner zur?ckgesetzt
> > 
> > >get the message

I have followed the instractions mentioned in the manual on cvshome.org and
have added the following line in the inetd.conf 

2401 stream tcp nowait root /bin/echo echo hello 

and get the following result after telnet to port 2401

   rhelms@linux:~ > telnet linux.local 2401
Trying 192.168.0.99...
Connected to linux.local.
Escape character is '^]'.
hello
Connection closed by foreign host.   


I think that my problem must be another problem and not a port-connectionproblem

Regards,
Ruprecht

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: large file hangs/fails

[Larry Jones]

[EMAIL PROTECTED] writes:
> 
> cvs [commit aborted]: cannot read /usr/local/cvsroot/stefan1/MSDEx86.exe,v: 
>Input/output error

Input/output error generally indicates a hardware problem.

-Larry Jones

Why is it you always rip your pants on the day everyone has to
demonstrate a math problem at the chalkboard? -- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Linux installation

[Alex Flores]

    

 
Does anybody know 
where to find Linux client installation notes?
 
Thanks in 
advance,
 
Alex

global -n flag behavior

[Matijs van Zuijlen]

Hi,

I generally use

cvs -q update -dP

whenever I want my version to contain the latest versions of all files. It
then gives a nice list of the files it updates, and of any files I changed.
However, I sometimes just want to know what would happen, so then, of
course I use:

cvs -qn update -dP

However, instead of just giving the same output, and not doing anything, it
also displays messages about any directories it is ignoring (because they
have become obsolete). Why is this?

Matijs van Zuijlen.

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

OS/400

[Ronald Edward Petty]

No one answered this, but does cvs run on OS/400 or if it does work?

Ron


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS access control

[Tobias Brox]

[[EMAIL PROTECTED] - Thu at 09:09:13AM -0400]
> This is true.  That's why security devices (at least safes) state how
> secure they are (eg it'll take a competent burglar with a blow torch 30
> minutes to break in).  Unfortunately, no such descriptions exist in the
> computer world.

It's always important to document security concerns properly, also in the
computer world.  How many hundreds of years a pentium computer would need
for breaking the encryption seldom much relevant - it's far more important
to state /if/ a program actually was written with security in mind or not,
what kind of possible holes, backdoors and possibilities for cracking in
there can be, etc.

I'm quite sick of internet banking services where the bank (of course)
states "this solution is 100% secure!".  Most of the services I've seen have
no security at all against possible trojan horses at the client computers -
anyone with root permissions and enough knowledge and skills might hijack
the session.

To get back to where this discussion started - we were discussing
possibilities for adding ACL into cvs.  If CVS had ACLs, and they were
securly implemented, it wouldn't help at all, you said, because the user
anyway could go directly to the repository and do whatever he liked.  That's
not so true - the _documentation_ must clearly tell about this possibility,
and what countermeasures the system administrator might do to cover it up.

Countermeasures does exist, we've seen that SSH can be configured to only
let people execute cvs, and we've seen that it is possible to run CVS
set[gu]id (though not recommended, as CVS never was implemented to be
secure)

> >Passwords sent in plain text through the network is a bit safer than no
> >passwords at all - the number of people that are likely to break in is far
> >lower.
> 
> This is true since it takes at least some effort to sniff the packets.
> Just about anyone in the world can get through a knotted rope.

So, the knotted rope can be compared with a message telling: "Go away, don't
break in here".  Still, the message does offer better safety than no message
at all.  It would usually suffice for a toilet door, to tell that the toilet
is occupied.  Even juridically, a person coming into the system and causing
harm can probably be sued for it if and only if it should have been clear
for him that what (s)he did was wrong.

Ok, this is nitpicking and has nothing to do with cvs.  Let's drop it here.

> >Still, "real", 100% security is always non-sense - you would probably be
> >willing to help me find some way around the ACLs if I "visited" you and
> >started pulling out your nails.  (...)

> This is true but it would require a bug in something that's supposed to be
> secure.

Sorry for beeing unclear again - if _you_ can log into some server as root,
you _can_ help me to get around any ACL there might be at that server,
regardless of what bugs there might be.  And then again, there might be a
myriad of ways to "pursuade" you to help me.  As long as any human knows a
password, there are ways to get into the system.

> >For those that don't care much about "real" security, "security by
> >obscurity" is certainly a lot better than no security at all.
> 
> Any security professional would never rely on "security through obscurity".

"Security through obscurity" should always be avoided, I've never ment
anything else.  "Real" security (in the computer context) is to close down
all known security holes, avoid (as far as possible) exposure for unknown
security holes, restrict the damage that can be done through unknown
security holes, and trap possible intruders through system surveillance
(i.e. tripwire).  Have I forgotten anything?

Still - security through obscurity /is/ better than no security at all!

-- 
Unemployed hacker
Will program for food!
http://ccs.custompublish.com/

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

large file hangs/fails

[stefan]

Hello,
I'm using cvs 1.11 on a Linux 2.2 (RedHat 6.0) machine,
and when I try to add a large (21MB) binary file (Windows executable)
to a directory, I get the following when I "commit":

RCS file: /usr/local/cvsroot/stefan1/MSDEx86.exe,v
done
Checking in MSDEx86.exe;
/usr/local/cvsroot/stefan1/MSDEx86.exe,v  <--  MSDEx86.exe
initial revision: 1.1
done
cvs [commit aborted]: cannot read /usr/local/cvsroot/stefan1/MSDEx86.exe,v: 
Input/output error


I did not run out of disk space in /usr/local/cvsroot, /tmp or /var.
And I don't think I ran out of memory -- I have 64MB of RAM, and there's
nothing else happening on the box right now.

Does anyone have any ideas on how I can solve this problem?
I'm trying to migrate my company's source from MS SourceSafe to CVS,
and I really want this to work. Thanks

- Stefan Reitshamer
[EMAIL PROTECTED]


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Creating a pserver on Mac OSX

[Larry Jones]

Dave Carlton writes:
> 
> cvs [login aborted]: authorization failed: server localhost 
> rejected access
> when trying to login. Here is what I have done:

What version of CVS are you using?  The current release (1.11.1p1) has
better error messages that you may find helpful (it also has a number of
bug fixes).  But in this case, the problem is obvious (to the
experienced observer):

> Added line inetd.conf:
> cvspserverstream  tcp nowait  root/usr/bin/cvs cvs 
> --allow-root=/Volumes/Data/cvs/ pserver
> 
> Try to log into localhost:
> cd /Sources/CVS
> cvs -d :pserver:davec@localhost:/cvs login
> (Logging in to davec@localhost)
> CVS password:
> cvs [login aborted]: authorization failed: server localhost 
> rejected access

The repository you specified, "/cvs", doesn't match the --allow-root
option in inetd.conf, "/Volumes/Data/cvs/" (which shouldn't have that
trailing "/" on it and there should also be a "-t" global option in the
command).

-Larry Jones

Nobody knows how to pamper like a Mom. -- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: FW: environment variables

[Larry Jones]

Kevin Tomasek writes:
> 
> i wish to pass an environment variable to CVS..

You can use User Variables to do that.  See:
.

-Larry Jones

Things are never quite as scary when you've got a best friend. -- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: get conflict files

[Larry Jones]

raptor writes:
> 
> How can I get a list all problem files i.e. those with conflicts, those that
> need update etc
> I need just the list of them (of cource with the full path)

cvs -nq update

-Larry Jones

Archaeologists have the most mind-numbing job on the planet. -- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Getting better logging?

[Larry Jones]

Eric Siegerman writes:
> 
> Didn't someone recently bring up a larger issue?  Something to do
> with the different semantics of tag vs. rtag, but I can't
> remember the details.

Probably me (tag works on files, rtag works on modules), but that was
just a hypothesis as to why tag wasn't logged in the first place.

-Larry Jones

Your gender would be a lot more tolerable if it wasn't so darn cynical!
-- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: loginproblem using the pserver-method

[Larry Jones]

[EMAIL PROTECTED] writes:
> 
> cvs [login aborted]: recv() from server linux: Die Verbindung wurde vom
> Kommunikationspartner zur?ckgesetzt

I believe that's the German equivalent of "Connection reset by peer",
which would indicate that your /etc/inetd.conf (or equivalent) on the
server is incorrect; most likely, it has an incorrect path to the CVS
executable.

See the "Troubleshooting" section of the manual for more advice:
.

-Larry Jones

I think we need to change the rules. -- Calvin

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Update keeps breaking my commits in WinCVS.

[Kaz Kylheku]

In article <[EMAIL PROTECTED]>, Nicholas wrote:
>Hi All,
>
>I've got a repository locally on my Win2K box. If I modify a file then
>go into WinCVS I can commit it, without checking it in (is this as it
>should be?)
>
>The file then disappears from WinCVS (leaving me no way to check it
>out again, yet I can just start editing it in a third party
>application).

You have probably clicked one of those little red buttons in one of the
toolbars which have appeared in recent versions of WinCVS, for filtering
the browsed files for various criteria.  You can have WinCVS show you
only those files which require a commit; if you then commit those files,
they disappear from view because they no longer match the filter.

>When I update the file in, the update works fine. Yet if i try to
>commit the updated file the commit fails. Is this right? Should I just
>be committing these files without updating them?

If you edit a file based on some version N,  and in the meanwhile
someone (possibly you, from another working copy) commits a 
new version N + 1, then your working copy is out of date. You cannot
commit until you perform an update operation, and resolve any conflicts.

>And why do the committed files disappear from WinCVS's file viewer?

See above.

>P.S. how does checking-in correspond to 'update' and 'commit'.

Commit and check-in are exactly the same thing. CVS doesn't use the
``check-in'' terminology, though the abbreviation ``ci'' is retained
from RCS. Commit means to record your local changes into the repository,
giving rise to a new version.

Update means to get the latest material from the repository, and
incorporate it into your working copy. If your working copy is locally
modified, the new changes from the repository are merged, which 
can create conflicts that must be resolved. 

By the way, you should do commits on an entire module, not on individual
files. WinCVS makes it easy to select some files and commit them
individually, but this is often the wrong thing to do.  Applying a
commit to the entire module will cause CVS to perform a global up-to-date
check. If any files have changed, not jus tthe ones you are working on,
the check will fail and you will have to update.

If you commit individual files, you run the risk of commiting a change
which breaks with respect to someone else's concurrent change to
another file. 
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS access control

[Tobias Brox]

[Andrew McGhee - Thu at 04:09:27PM +0100]
> I'm keen to hear what is recommended, we where toying with
> the idea of SSH tunnelling to a pserver CVS server - if this is
> even possible - ?

Why shouldn't it be? :-) If you absolutely are sure that pserver is better
than ssh for your needs ... then go ahead!

-- 
Unemployed hacker
Will program for food!
http://ccs.custompublish.com/

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: get conflict files

[Tobias Brox]

[raptor - Thu at 12:04:55PM +0300]
> I've got something :
> 
> cvs -d blah history -e -a | egrep ^[WCAR] | cut -d ' ' -f 7-
> 
> is this the correct way...

Not entirely.  You'll get the history, so you'll see all old conflicts, etc.

-- 
Unemployed hacker
Will program for food!
http://ccs.custompublish.com/

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

RE: CVS access control

[Andrew McGhee]

Is this of use to this argument?
http://members.home.net/minyard/cvs-thoughts.html

We've found Corey's ACL patches work well for what we want - but we still
don't have a good "encrypted" connection yet to our server (pserver
operation,
this allows us to keep the CVS server running as "non-root", and keeps
accounts
off the unix machine itself)

I'm keen to hear what is recommended, we where toying with
the idea of SSH tunnelling to a pserver CVS server - if this is
even possible - ?

Regards,
Andrew

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 27 September 2001 02:22
To: [EMAIL PROTECTED]
Subject: Re: CVS access control


[ On Thursday, September 27, 2001 at 03:04:22 (+0400), Tobias Brox wrote: ]
> Subject: Re: CVS access control
>
> I'd say it would even be better off without password authentication at all
> (and use pserver only where public access is wanted).

Me too!   :-)  [[ PLEASE ]]

> Sorry for beeing unclear.  pserver and ssh does the authentication (who
are
> you?).  When I say "access control", I'm thinking of authorization (who
> should be able to do what).  I do think that authentication is out of the
> scope of CVS (ok, pserver _is_ already a part of CVS ... but anyway ...). 

CVS is not a security tool -- it simply manages a bunch of files.  You
do not want to even think about trying to make CVS into a security tool
-- that would be bad design and any implementation would inevitably be
doomed to ultimate failure since it could not, by definition, meet the
design goals.

I.e. CVS has no business doing anything related to access control,
authentication, authorisation, or anything related.

Use your OS to implement security policy and CVS will (have to) honour
your policy -- why make it any more complicated than that, since that's
all that's really necessary.

-- 
Greg A. Woods

+1 416 218-0098  VE3TCP  <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: AW: loginproblem using the pserver-method

[rhelms]

Hi,

> >cvs [login aborted]: recv() from server linux: Die Verbindung wurde vom
> >Kommunikationspartner zur?ckgesetzt
> 
> >get the message
> 
> have you made the inetd.conf-entry for cvspserver? Try "telnet linux.local
> 2401" if you get an answer.

This is the answer

rhelms@linux:~ > telnet linux.local 2401
Trying 192.168.0.99...
Connected to linux.local.
Escape character is '^]'.
Connection closed by foreign host.
rhelms@linux:~ >

Regards,
Ruprecht

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: get conflict files

[Tobias Brox]

[raptor - Thu at 10:56:51AM +0300]
> hi,
> 
> How can I get a list all problem files i.e. those with conflicts, those that
> need update etc

Run "cvs -n update" in the work directory, and eventually grep out what you
want.

cvs -n update 2>&1 | grep "^C " 
... will find all files with conflicts,

cvs -n update 2>&1 | grep "^U "
... will find all files that needs to be updated,

cvs -n update 2>&1 | grep "^M "
... will find all files that are changed and might need to be committed to
the repository,

etc.

--
Unemployed hacker
Will program for food!
http://ccs.custompublish.com/


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

RE: Right Permissons !?

[Andrew McGhee]

Yes - I have to agree with the g+s setting being a security concern In fact,
we shied away
from using it in the end, and went for the ACL patch that allows control
from within CVS
itself, using pserver, also allowing cvs to run as a "non-root" user - which
we prefer.

Our only issue is that pserver is un-encrypted (clear text password).

-Original Message-
From: Eric Siegerman [mailto:[EMAIL PROTECTED]]
Sent: 26 September 2001 20:37
To: [EMAIL PROTECTED]
Subject: Re: Right Permissons !?


On Wed, Sep 26, 2001 at 01:17:08PM +0100, Andrew McGhee wrote:
> -Original Message-
> > From: raptor [mailto:[EMAIL PROTECTED]]
> > Sent: 26 September 2001 09:45
> > 
> > I made group developers and set CVS repository so that this group has RW
> > access, but when the user commits it changes the owner/group to his i.e.
> > doesn't preserve "developrs" group on file !!!
>
> I think you'll find you need to do a "chmod -R g+s " to keep
> the group setting sticky.

DO NOT USE THIS COMMAND AS GIVEN!  It could open up a security
hole!

If you need to set g+s (see below to help you decide), you should
only set it on the directories, NOT on the files.  To do that:
find $CVSROOT -type d -print | xargs chmod g+s

Think first about your desired security policy.  That will affect
whether to set g+s on on the entire repo or just selected parts.
(If normal users aren't supposed to be able to edit the admin
files in $CVSROOT/CVSROOT, you can either not set g+s on that
directory, or set the flag and put the directory in a different
group).

Whether g+s will help in the first place depends on the server's
flavour of Unix.  SysV variants typically need it (including
Solaris, and maybe Linux but I'm not sure); BSD variants
typically don't.  On SysV systems, setting g+s on directory D
tells the system to propagate D's group to any files or
subdirectories created under D (and to set g+s on subdirectories
-- but not on files -- so that this propagation will recursively
happen to sub-subdirectories).  BSD systems typically propagate
group membership this way all the time; you can't turn it off, so
you don't need to worry about turning it on :-)

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.[EMAIL PROTECTED]
|  |  /
The world has been attacked.  The world must respond ... [but] we must
be guided by a commitment to do what works in the long run, not by what
makes us feel better in the short run.
- Jean Chrétien, Prime Minister of Canada

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

FW: environment variables

[Kevin Tomasek]

> i wish to pass an environment variable to CVS..
> 
> you ask why would i want to do this.  well..
> 
> when outputting informations that would be generated with loginfo, if i
> ask it to output an environment variable which is not native to CVS, it
> complains about it as 'no such internal variable'
> 
> so is there a way to make a value/variable/reference 'internal' so that i
> can reference via the loginfo execution??
> 
> kevint

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

RE: central up-to-date files

[David Dunbar]

Josh Baudhuin wrote:

The documentation describes one way of doing this in the  loginfo
section in one of the appendices, I believe.

-Original Message-
Varia, Meghal wrote:

I was wondering if there was a way to automatically maintain a location
that always has the most up-to-date copy of a file checked into CVS.
Thus, any change that is made to this file is automatically reflected in
this central location.

We used to use the loginfo script to update a copy of the master source.
It worked but had a problem. When several commits were done in rapid
sequence we would get lock contentions that would hang the process and
require manual intervention.

Our current process uses the commitinfo script and a chron job. Our
cvsroot has two directories CVSROOT and src. The commitinfo file has one
noncomment line: 

src $CVSROOT/CVSROOT/testcvs

testcvs has one line: 

(cd $CVSROOT/CVSROOT; rm -f needupdate; touch needupdate; chmod 666
needupdate;) 

$CVSROOT is replaced by the actual path in the above. The rm and chmod
were needed for file permission issues. The needupdate file is just a
flag for the chron job.

The chron job is a Perl script: 

#!/bin/perl -w  
# check for updates to cvsroot/src and update the master 
# source

use strict; 

my ($lst, $flagfile, $cvsroot, $master); 

# leave the "s in the next two lines
$cvsroot = "actual path to cvsroot"; 
$master  = "actual path to master source"; 
$flagfile = $cvsroot . '/CVSROOT/needupdate'; 

# In the following $? is the return code from the previous
# `command`. 
# $! is the system error message. 

if (-e $flagfile) # if the file exists
{ 
  `rm $flagfile`; # clear the flag
  if ($? > 0) { die "Can't delete $flagfile. $! $?\n"; } 
  
  chdir "$master" or die "Can't cd to master source. $! $?\n"; 
  
  `/opt/local/bin/cvs -d $cvsroot -q -r update -d -A`; 
  if ($? > 0) { die "Update failed: $! $?\n"; } 
} 

The chron job runs every 15 minutes as me so I get the infrequent error
messages. 

With our old process I would have to clear the hangs anywhere from once
a week to three times an hour. With the current process we haven't had a
problem. 

David
-- 
David M. Dunbar <[EMAIL PROTECTED]>
Very funny, Scottie. Now beam down my clothes.

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: CVS access control

[yap_noel]

>[ On Wednesday, September 26, 2001 at 17:01:25 (-0400),
[EMAIL PROTECTED] wrote: ]
>> Subject: Re: CVS access control
>>
>> By definition, "security" is about preventing malicious "users" from
doing
>> harm.  It's not about avoiding accidents by careless users.  For
example,
>> would you consider a knotted rope tying my door shut to be any sort of
>> security since it avoids accidental openings?
>
>This I must pick a nit with.  :-)
>
>One of the three corner-stones of security is "integrity".  Good
>security not only prevents malicious damage, but also accidental
>damage.

OK, but I wouldn't consider secure a system that only prevents accidental
damage.

Noel




This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: cvs for Solaris 7

[Matt Riechers]

"Li, Jerry" wrote:
> 
> Hi, there:
> 
> Do I have to use a specific version of CVS for Solaris 7? I could not
> find any package for Solaris 5 on http://www.cvshome.org/unix/sunos.
> However, I got the one for Solaris 2.6. Could I use it to install cvs on
> Solaris 7.
> 
> thanks,
> 
> Jerry

Theoretically, yes. You only need to install the cvs binary to find out. On the
other hand, building from source is usually preferred.

-Matt

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: programmatic login possible?

[Matt Riechers]

Mark Jaffe wrote:
> 
> We are attempting to program a CVS checkout-update-build process which will
> query an internal database for changes to be applied to a baseline tag for a
> new build. We will do this in Java, and we need to know how to use the CVS
> API for login. Can we supply the password in the login call? How to do this?

You can login once, and the script/program/whatever can just to the
checkout-update-build. You don't have to logout.

-Matt

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: loginproblem using the pserver-method

[Matt Riechers]

[EMAIL PROTECTED] wrote:
> 
> Hi,
> 
> I have start a new setup from the cvs-server. After creating the passwd-file in
> CVSROOT   I try to login with
> cvs -d:pserver:[EMAIL PROTECTED]:/usr/local/newrepos login
> would asked for a password
> and get the message
> 
> cvs [login aborted]: recv() from server linux: Die Verbindung wurde vom
> Kommunikationspartner zur?ckgesetzt
> get the message
> 
> When I try to login from my W2K-box via wincvs it failed and say that I first
> to setup passwordauthentication in the preferences. Here I use ssh   via
> plink.exe (putty)  and  use pserver with port 2401.

Do you want to use ssh as the cvs access method, or pserver?

-Matt

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Format of cvs temp files...

[raptor]

hi,

Could somone point me to a place where I can see the format of the cvs-temp
files i.e. the files that cvs creates when calls loginfo, commitinfo
etc..scripts.. (the cvs-temp are passed to the STDIN of the scripts).

So that I know for what to search and now play with all the command to see
what they display :

Example :

when commiting I got something like :
Update of  ...dir...

Update files :
..files.

Log Message :
..message..

but it is different when u add dir for example...and so on and so on
Any pointer 
=
iVAN
[EMAIL PROTECTED]
=


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Update keeps breaking my commits in WinCVS.

[Matt Riechers]

Nicholas wrote:
> 
> Hi All,
> 
> I've got a repository locally on my Win2K box. If I modify a file then
> go into WinCVS I can commit it, without checking it in (is this as it
> should be?)

Checking in and commiting are the same thing.

> And why do the committed files disappear from WinCVS's file viewer?

Make sure you don't have the 'Show Commitable', etc. file filter on (View ->
File Filter -> Show Commitable).

> P.S. how does checking-in correspond to 'update' and 'commit'.

Update merges any new changes from the repository into your working copy, and
notes any files that have local changes with respect to the repository.

You may want to review the manual: http://www.cvshome.org/docs/manual/cvs.html
There's also the Karl Fogel book (very good): http://cvsbook.red-bean.com/

-Matt

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: get conflict files

[Matt Riechers]

raptor wrote:
> 
> How can I see when someone added and/or deleted - file and/or directory ...
> but didn't executed the necessary cvs commands (so that the changes go in
> Repository) ... i.e. so that I can do it !?

You make sure everyone who can commit a change can also RTFM!

-Matt

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

problems with CVS keyword substitution

[Kris Thielemans]

Hi,

we're having problems with the keyword substitution in CVS. When we do 'cvs
update', files get updated alright, but they're full of 'fake' conflicts of
the type below


<<< FullArrayIterator.inl
// $Id: FullArrayIterator.inl,v 1.1 2000/06/14 18:36:44 kris Exp $
===
// $Id: FullArrayIterator.inl,v 1.2 2001/09/14 16:57:20 kris Exp $
>>> 1.2


That is, the only change in the file is the text of the keyword, and cvs
didn't recognise this.

I sort of expect this is because we're running cvs 1.11 on our NT clients
(the server is a Linux machine running 1.11.1p1). Is this the cause of our
problems?

Unfortunately, there isn't a compiled Windows 1.11.1p1 available. Neither
can I download the sources from the website at the moment (there are only
sources for automake available). So, I'll try to check that out with cvs and
see if I can compile it on NT using gcc (and cygwin). Should this work?  The
first step gave me the following problem:

$  ./noautomake.sh --noautoconf
getopts: not found

Thanks!

Kris Thielemans
Imaging Research Solutions Ltd
Cyclotron Building
Hammersmith Hospital
Du Cane Road
London W12 ONN, United Kingdom

web site address:
http://www.irsl.org/~kris


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: get conflict files

[raptor]

I've got something :

cvs -d blah history -e -a | egrep ^[WCAR] | cut -d ' ' -f 7-

is this the correct way...
Then the new question :

How can I see when someone added and/or deleted - file and/or directory ...
but didn't executed the necessary cvs commands (so that the changes go in
Repository) ... i.e. so that I can do it !?

Thanx


| hi,
|
| How can I get a list all problem files i.e. those with conflicts, those
that
| need update etc
| I need just the list of them (of cource with the full path)



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: viewcvs

[schmolle]

Hi,


"Schwenk, Jeanie" wrote:

>I get "There are  files, but none match the current tag (None)".

>I had the same problem with cvsweb

So did I. The solution (I think) was to install the RCS toolkit. (several utilities 
that together make up RCS).

CVS, in a long distant past, used to use those programs, but doesn't anymore. Several 
add-ons, however, still do. I know that cvsweb is one of them.

This explains why your CVS functions perfectly OK, but cvsweb, which appears to just 
use CVS functions on your behalf, doesn't.

Cheers,

Schmolle


ps: I am about 2600-odd emails behind, so my aplogies if this has been answered before 
and/or two months ago.

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: File permissions

[Paul Sander]

>--- Forwarded mail from [EMAIL PROTECTED]

>[ On Tuesday, September 25, 2001 at 17:06:43 (-0700), Paul Sander wrote: ]
>> Subject: Re: File permissions
>>
>> There's nothing wrong with adding meta-data.

>Well, it all depends on what the meta data is, and what use is made of
>it by the overall system.

>Where the needs of the versioning tool conflict with the needs of the
>target system, an intermediate process must be used to separate the
>meta-data so that the conflict does not occur.

I think that's what I said in the following paragraphs of that posting:
Store data that describe the data, don't encode the process.

>--- End of forwarded message from [EMAIL PROTECTED]


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

get conflict files

[raptor]

hi,

How can I get a list all problem files i.e. those with conflicts, those that
need update etc
I need just the list of them (of cource with the full path)
=
iVAN
[EMAIL PROTECTED]
=


___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

AW: loginproblem using the pserver-method

[Schell Walter]

>I have start a new setup from the cvs-server. After creating the
passwd-file in
>CVSROOT   I try to login with 
>cvs -d:pserver:[EMAIL PROTECTED]:/usr/local/newrepos login
>would asked for a password
>and get the message
>
>cvs [login aborted]: recv() from server linux: Die Verbindung wurde vom
>Kommunikationspartner zur?ckgesetzt

>get the message

have you made the inetd.conf-entry for cvspserver? Try "telnet linux.local
2401" if you get an answer.
Walter

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

RE: Pls Unsubscribe

[Anders Truelsen]

Hi Dakia,
at the end of all list-message the following is add:
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Go check that URL, thats where you unsubscribe.

regards
anders

-Original Message-
From: Dakia [mailto:[EMAIL PROTECTED]]
Sent: 27. september 2001 08:41
To: [EMAIL PROTECTED]
Subject: Pls Unsubscribe


Pls help me how to unsubscribe to info-cvs

Thanx & Regards
Dakia

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs