Re: CVS and GSSAPI: Unknown command: `gserver'
Whats a gserver...shouldn't that be pserver? Olav! Brad Kroeger wrote: > Hi, > > After some difficulty I finally got CVS to compile on a Solaris 7 box. > Now I am getting errors testing CVS with GSSAPI. Any ideas as to what > is going on? > > [SERVER] > > /etc/inetd.conf > cpserver stream tcp nowait cvsadmin /projects/sys/sysint/cvs-1.11.1p1/ > src/cvs cvs -f --allow-root=/misc/fl/cvs gserver > > /etc/services > writesrv 2401/tcp cpserver # AIX write server, or CVS Password server > > [CLIENT] > > % echo $CVSROOT > :gserver:my.cvs.server:/misc/fl/cvs > > % cvs -a -x checkout rcsb_cvs > cvs [checkout aborted]: error from server my.cvs.server: Unknown > command: `gserver' > > Cheers, > -Brad > > ___ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > > > > ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Connection reset by peer
Firewall? Olav! Zanabria, Moises wrote: > Is Anybody familiar whit this error: > I tried to connect from NT to my server: > > d:\set CVSROOT=sever.com:/local/cvs_secuity/src > D:\ch08>set CVS_RSH=rsh > D:\ch088>cvs co CVSROOT > > -> Recv failed:Connection reset by peer > cvs [checkout aborted]: end of file from server (consult above messages if > any) > Thanks for the help. > Moises > > ___ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > > > > ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Connecting to RH 7.2
Has anyone been > able to get it work under 7.2? Yup! Works like a charm :-) in your "/etc/xinetd.conf" file, do you have a line saying includedir /etc/xinetd.d ? If not, your cvspserver file is never included into the xinetd.conf file. So xinetd never starts up your server to listen on port 2401 Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Problems connecting across the internett...
> My guess would be that there's a firewall in between the two systems. Nope...well there is, but thats been cleared for port 2401. Just found out why...in my xinetd.conf i have a default section. In that section there is a line "only_from = 192.168.1.1 192.168.1.2" which is my two private ip adresses. When I removed that line from the cvspserver file in "/etc/xinet.d", i guess the line in the default section in xinetd.conf was stepping in. Am I right? Now I get this error when checking out a larger project from the repository across the net. Happens after it allready has checked out a number of files from different subdirs: cvs server: failed to create lock directory for `/usr/local/cvsroot/Project/Doc/Feedback' (/var/lock/cvs/Project/Doc/Feedback/#cvs.lock): Permission denied cvs server: failed to obtain dir lock in repository `/usr/local/cvsroot/Project/Doc/Feedback' cvs [server aborted]: read lock failed - giving up Error, CVS operation failed ehhh, missing chmod g+s on the lockdir? Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: pls enough of that connection refused
> 1) cvs -d /usr/CVS init > 2) imported the required directory (no conflicts) > 3) checked out the required (no conflicts) > 4) created a file passwd in /usr/CVS and added the line > username: The file passwd should be in /usr/CVS/CVSROOT Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Problems connecting across the internett...
I can connect and use cvs just fine from win '98 just fine on my ethernet to cvs server on my linux RedHar 7.2 box. But when I try to connect across the internet (both boxes on dialup) I get weird errors...: # cvs [login aborted]: recv() from server x.x.x.x: connection reset by peer and this one the second time I tried: # cvs [login aborted]: recv() from server x.x.x.x: EOF Same errors pop up when I try to checkout. Anybody have a clue? Ping is ok...alittle slow on the response, but I get answers. Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Connection refused
>>Even i haven't seen any cvspserver daemon running on the Linux server. >>What is the problem? Run this command on the linux box (as root): netstat -nlpd You should get among several other lines a line that says inetd or cvspserver is listening on port 2401. If not, your server deamon is not running. Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Complex repository problem...
I have a problem I would like to get an expert opinion on. If I have a module in the repository like this: +-M-A | +-S-A1 | | | + S-A11 | | | + S-A111 | + S-A2 | | | + S-A21 | | | + S-A211 | + S-B1 | + S-B11 | + S-B111 Picture this event sequence: ---Delete S-A2 and S-B1 all files and subdirs of them from the repository. ---Import S-A2 and S-B1 back into the repository with all files an subdirs as two independent modules. ---Set up an entry in the modules file looking like this: M-A &S-A2 &S-B1 ---If I checkout M-A, do I get a working dir where S-A2, and S-B1 with subdirs and files are created as subdirs of the working copy of M-A. ---If I do some changes to a file in S-A211, will a commit of M-A allso commit the changes to S-A2? ---When I later tag S-A2 with v1, and M-A with v1_2, will tag v1_2 allso be set on S-A2? ---Will merges from a branch of M-A allso affect S-A2? ---Do the tags on M-A have to be unique in the repository, or just for the module. ---Can I use v1 as a tag on S-A2 *and* on M-A and have them treated as separate tags when merging branches on M-A? Sorry for the long message, and the many questions, but I want to get this right, so I avoid problems in the future. I allready have made the mistake of importing S-A2 and S-B1 as subdirs of M-A even though they are separate subprograms of M-A with separate tags and version numberings and release numbers. Thanks in advance... Regards Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: checkout / but no commit
> Is there any way if we can grant access to checkout > module -- but cannot 'checkin' or 'commit' file(s) > Is this what Read-Only repository access means? Yup :-) Look at the documentation for the readers and writers files in CVSROOT. Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: obtain revision information
The revision numbers are internal to cvs. Thats cvs's responsibility and nobody should pay any attension to them as anything other than a view into cvs's internal bookkeeping. If you look at the existing tags, o0-02, o0-03, v5-8-6, v5-8-7, and so on are Tags created at some point in the development process, when the developers felt the code in the repository needs some mark to go back to, or retreive later. Like a version release, or a bugfix release of the code. These tags are what's realy important to you. That allows you to retreive some earlier state of the source code based on a name (the tag name), which is entirely up to you to define the meaning of. I dont know if this made things any clearer, but please forget about revision numbers. Trying to change them or understand them is like trying to change your social security number because you want it to match your phone number or Name and address. Leave them alone. They are cvs's territory. Instead you should set up a meaningfull tag naming scheme that makes sence to you. Regards from Olav! Harry Putnam wrote: > [EMAIL PROTECTED] (Larry Jones) writes: > > >>Harry Putnam writes: >> >>>How can I get the current revision number of a package (module)? >>> >>CVS is a *file* versioning system, it does not have any concept of a >>revision number for any larger package. Most people use tags to >>identify higher-level version information, so perhaps doing a status -v >>on a file to list those tags will provide some information. If you did >>that on the CVS source repository, for example, you'd see tags like >>cvs1-10-7, cvs1-10-8, and cvs1-11, which correspond to the 1.10.7, >>1.10.8, and 1.11 releases of CVS. >> > > Thanks Larry, that makes it quite a lot easier to find out version > stuff. Still a little confused about what some of the output means > though. > > Following your suggestion, I thought to run `cvs status -v' on the > ChangeLog of the busiest directory in the package, might be a way to > get the needed info most efficiently. And it does give some info, > but this output puzzles me a bit: > > File: ChangeLog Status: Needs Patch > >Working revision:6.1143 >Repository revision: 6.1152 /usr/local/cvsroot/gnus/lisp/ChangeLog,v >Sticky Tag: (none) >Sticky Date: (none) >Sticky Options: (none) > >Existing Tags: > o0-05 (revision: 6.1104) > o0-04 (revision: 6.969) > o0-03 (revision: 6.421) > o0-02 (revision: 6.410) > v (revision: 6.408) > o0-01 (revision: 6.406) > [...] > v5-8-8 (revision: 5.742.2.2) > v5-8-7 (revision: 5.522) > v5-8-6 (revision: 5.427) > [...] > > Should there be a 5 digit gap between Working and Repository? > Then where existing tags are displayed, the most recent revision is > some 40 less than Reporsitory revision. > > A couple of other things I notice: > 1) It seems the difference between Working and Repository should be 1. >Not really sure what those terms means either.. both are committed >right? > > 2) There seem to be somewhat random jumps between versions where tags >were done. I guess that doesn't follow any particular sequence. >Maybe just whenever the committers or maintainers feel it will be >needed? > > > > ___ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > > > > ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Repository access question...
Thanks a million...I'm must be getting pretty good at this :-) It actually worked, with permissions and everything! Olav! Larry Jones wrote: > Olav =?ISO-8859-1?Q?Lindkj=F8len?= writes: > >>cvs server: cannot open /root/.cvsignore: Permission denied >>cvs [server aborted]: can't chdir(/root): Permission denied >> > > That means you're missing the -f in server_args or you need to add > "passenv = PATH" to your xinetd configuration file. > > -Larry Jones > > You can never really enjoy Sundays because in the back of your > mind you know you have to go to school the next day. -- Calvin > > > > ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Repository access question...
>>but when I try to checkout a module it says: "setgid failed: operation >>not permitted". I have the modules owned by their respective user:group >>and have done a "chmod 2770 ". What have I missed? >> > > That indicates that you're not running CVS as root (from [x]inetd). If > you want CVS to change to the correct user/group for the user, you have > to run it as root. If you don't run it as root, you have to use the > CVSROOT/passwd file to map all of the CVS users to the system user > you're running CVS as. I now run cvs as root, but now these errors pop up when i try to checkout: cvs server: cannot open /root/.cvsignore: Permission denied cvs [server aborted]: can't chdir(/root): Permission denied Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Authorization failed when trying to do an import
> vi /usr/local/cvsroot/CVSROOT/passwd > Added a line with my user name and password: > neil:[password] Try and modify /usr/local/cvsroot/CVSROOT/passwd to: neil:[password]:cvs The part after the password is the system user the server access the repository as when youre loggin into cvs as neil. Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: CVS pserver on RedHat 7.1 lets me login, but when I do import, it fails
Something to do with cvs server running as root, inheriting the HOME
environment variable. Create a user named "cvs" and run the server under
that user. Or try this as root:
unset HOME
/etc/rc.d/init.d/inet restart
Regards from Olav!
Neil Aggarwal wrote:
> I am trying to set-up a CVS pserver on my RedHat 7.1 development machine.
> I tried reading the CVS book at http://cvsbook.red-bean.com, but it
> does not cover xinetd, so I tried to adapt it myself.
>
> Here is what I did as root:
> cvs -d /usr/local/cvsroot init
> /usr/sbin/useradd cvs
> cd /usr/local/cvsroot
> chgrp -R cvs .
> chmod ug+rwx . CVSROOT
>
> vi /etc/xinetd.d/cvs and added these lines:
> service cvs
> {
> port = 2401
> socket_type = stream
> protocol = tcp
> user = root
> group = cvs
> server = /usr/bin/cvs
> server_args = --allow-root=/usr/local/cvsroot pserver
> type = UNLISTED
> wait = no
> }
>
> Restarted xinetd:
> /etc/init.d/xinetd restart
>
> vi /usr/local/cvsroot/CVSROOT/passwd
> Added my login and password copied from from /etc/shadow
>
> I then tried to test it by going to a shell with my user account.
>
> I typed:
> cvs -d :pserver:neil@localhost:/usr/local/cvsroot login
> It asked me for my password and reported no errors, so I thought that
> everything should be OK.
>
> Next, I tried to import a new project, so I went to the
> directory containing the project and typed:
> cvs -d :pserver:neil@localhost:/usr/local/cvsroot import -m "Test Project"
> testProject neil start
>
> I got these error messages:
> cvs server: cannot open /root/.cvsignore: Permission denied
> cvs server: cannot make path to /usr/local/cvsroot/testProject: Permission
> denied
> cvs server: Importing /usr/local/cvsroot/testProject/src
> cvs server: ERROR: cannot mkdir /usr/local/cvsroot/testProject/src -- not
> added: No such file or directory
>
> No conflicts created by this import
>
> Any ideas why this is occurring?
>
> Thanks,
> Neil.
>
> --
> Neil Aggarwal
> JAMM Consulting, Inc.(972) 612-6056, http://www.JAMMConsulting.com
> Custom Internet DevelopmentWebsites, Ecommerce, Java, databases
>
>
> ___
> Info-cvs mailing list
> [EMAIL PROTECTED]
> http://mail.gnu.org/mailman/listinfo/info-cvs
>
>
>
>
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Repository access question...
I cant get access to the repository after following your suggestions. I think I got it the way you described it. I can login to the server ok, but when I try to checkout a module it says: "setgid failed: operation not permitted". I have the modules owned by their respective user:group and have done a "chmod 2770 ". What have I missed? Regards from Olav! Douglas Finkle wrote: >>On Thu, Jan 24, 2002 at 05:44:51PM +0100, Olav Lindkjølen wrote: >> >>>In short: >>>---(Admin) must have read/write access to all modules. >>>---Users from Company B must have read/write access only to >>> >>modules with >> >>>code owned by them. >>>---Users from Company B must allso have Read Only Access to >>> >>public code. >> >>>---Users from Company C must have read/write access only to >>> >>modules with >> >>>code owned by them. >>>---Users from Company C must allso have Read Only Access to >>> >>public code. >> >>>Is there a way to solve this? (cvs user/passwords, file >>> >>permissions...?) >> >>- Create a UNIX group for each of the companies. >>- Put each company's modules in the correct per-company group. >>- Put the company's user account(s) into that group, but NOT into >> the "cvs" group. >>- Put yourself in all of the per-company groups, AND in "cvs". >>- Set everybody's umask to 2, i.e. files and directories will be >> world-readable, and group-writable. >> > > > Close, but I do not completely agree: > > - Admin group cvs-- nobody else, create an unpriviledged admin role user cvs > - Set (almost, see next line) all files under $CVSROOT/CVSROOT to cvs:cvs > - set $CVSROOT to cvs:public 0750, $CVSROOT/history, val-tags to 0660 > cvs:public > - Each company has a separate, unique group > - Each company requiring access to "public" modules also be in the same > public group > - Set the group sticky bit on for each module, according to public/private > rules, > that is 2770 for the (private) group. > - Users can change their own umask, but if you force it, do so to 027 > - Set up the readers and writers acl's-- assuming you're using v1.10.8 or > higher. > This will enable you to allow read-only checkouts of the public module(s). > See cvs_acls.pl in the contrib section of the sources for this. > - DO NOT use pserver-- under any circumstances as it's not safe. > > Disclaimer: I think this is all... > > ___ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > > > > ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: permissions on modules
> 1. Say you have a repository with two modules (let's say red and blue for > the names). I know if you put a user account in the readers file in > CVSROOT, it will give that person only read access to the whole repository. > Is there a way to give someone read-only to red but read/write to blue? Is > it a bad idea to start using actual Unix permissions for things like this or > does CVS allow you to get granular? Have a look at the message thread from yesterday and the day before called "Repository access question". I had kind of the same problem you had and got a pretty detailed answer. > 2. I assume you can create more than one repository on a machine, but my > CVS repository is in /usr/local/cvs now. Where would a second one go? Can > you specify any directory for where the repository can sit. Yes you can. Read the Cederquist manual section about "Multiple repositories" at http://www.cvshome.org/docs/manual/cvs_2.html#SEC9 Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Repository access question...
Thanks alot for all the help...I'll try and get it done during the weekend. I'll let you know if it works or not. Regards from Olav! Rob Helmer wrote: > On Thu, Jan 24, 2002 at 06:01:31PM -0500, Douglas Finkle wrote: > >>>:-) I have SSH, CygWin, and Putty on my windoze box. Tortoise >>>CVS comes with SSH via a DOS window...and you have to punch in the >>> >>password for >> >>>every CVS command. Thats not very user friendly for people >>>totally blank on CVS and SSH and linux. Must be a better way (easier for >>> >>the users). >> >>Why not use WinCVS? I'm pretty sure the user can even set his/her passwd in >>the >>line that specifies the repository. That would solve the retyping problem, >>but at >>the expense of some security/authentication. Can anyone confimr this? >>Larry, Greg, >>anybody? Again, this is a training/procedural problem. >> > > > The way to do this in WinCVS is by using an SSH private/public > keypair with no passphrase. > > HOWTO is here : http://www.jfipa.org/publications/CVSGuide/ > > > > HTH, > Rob Helmer > > ___ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > > > > ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Repository access question...
> Close, but I do not completely agree: > > - Admin group cvs-- nobody else, create an unpriviledged admin role user cvs > - Set (almost, see next line) all files under $CVSROOT/CVSROOT to cvs:cvs > - set $CVSROOT to cvs:public 0750, $CVSROOT/history, val-tags to 0660 > cvs:public > - Each company has a separate, unique group > - Each company requiring access to "public" modules also be in the same > public group > - Set the group sticky bit on for each module, according to public/private > rules, > that is 2770 for the (private) group. > - Users can change their own umask, but if you force it, do so to 027 > - Set up the readers and writers acl's-- assuming you're using v1.10.8 or > higher. > This will enable you to allow read-only checkouts of the public module(s). > See cvs_acls.pl in the contrib section of the sources for this. > - DO NOT use pserver-- under any circumstances as it's not safe. > > Disclaimer: I think this is all... = Thanks for the detailed answer! I have lived in a M$ Windoze env. for entirely too long now. Due to software development for clients I still have to do my work in Windoze, but i'm slowly catching up on my linux knowledge. I'm not used to the linux file permission system. I learn new things every day! I have a server up and running here at the office that runs about every server there is just to learn how things work in Linux. Havent connected it to the net yet though. Have some cleaning up on the security to do before I do that. That's why I need help getting on the right track. Ok, I think i get most of what you're saying. Probably have to read up on a couple of things, but most of it sounds understandable. Now for the trick question: If I am not going to use pserver, what is the easiest to set up, and most secure? Remember, users thats going to work with the source have never seen CVS or any tool like it before. So I think about using Tortoise CVS for the day to day use from windoze because its easy to use. What about the alternative to pserver? SSH? Kerberos? Tunneling? (I recently learned alot of fancy words...(hehe) :-) I have SSH, CygWin, and Putty on my windoze box. Tortoise CVS comes with SSH via a DOS window...and you have to punch in the password for every CVS command. Thats not very user friendly for people totally blank on CVS and SSH and linux. Must be a better way (easier for the users). Thanks again! Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Repository access question...
I have a slight dilemma i just can't figure out. ---I have a repository /usr/local/cvsroot ---cvs server is running as user cvs, group cvs. ---I have an entry in the cvsroot/CVSROOT/passwd file with a private user for me. ---I am a member of the cvs group. Heres the problem: ---I (Admin) am developing software for another company (Company A). I am the main developer and project administrator. There are several projects for that company that I am in charge of. And allso some projects for other companys (Company B, and Company C). ---I need to set up my repository in a way that I as administrator gets full access to all the code in the repository. And Company A contributes from time to time with code on different modules. They need read and write Access to the modules I maintain for them. But I do not want them to read or write my private modules (Admin), nor the modules of Company B and Company C. Anybody follow me? In short: ---(Admin) must have read/write access to all modules. ---Users from Company B must have read/write access only to modules with code owned by them. ---Users from Company B must allso have Read Only Access to public code. ---Users from Company C must have read/write access only to modules with code owned by them. ---Users from Company C must allso have Read Only Access to public code. Is there a way to solve this? (cvs user/passwords, file permissions...?) Best regards from Olav! ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
