[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cvs and inetd/xinetd
|
From: |
Larry Jones |
|
Subject: |
Re: cvs and inetd/xinetd |
|
Date: |
Tue, 15 May 2001 11:21:15 -0400 (EDT) |
Michael Lindrum writes:
>
> in the current version of cvs 1.11, the documentation describes the use of
> inetd for cvs in client/server mode. This description is not correct for the
> use of xinetd which is commonly installed on Linux systems. It took a lot of
> time for me to find out how cvs and xinetd work together. An example script
> for xinetd (/etc/xinetd.d) in the cvs package would be fine.
Just yesterday I posted an xinetd example that I've added to the manual:
If your system uses xinetd instead of inetd, the procedure is
slightly different. Create a file called
/etc/xinetd.d/cvspserver containing the following:
service cvspserver
{
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/local/bin/cvs
server_args = -f --allow-root=/usr/cvsroot pserver
}
(If cvspserver is defined in /etc/services, you can omit the
port line.)
> Furthermore, invoking cvs directly from xinetd doesn't work because of
> trying to access to $HOME of root.
The above example does not have that problem (passenv is the key).
> For security considerations, it might be useful to describe in the
> documentation the security lack in the case of using rsh compared to
> "password authentication" via xinetd/cvs-passwd.
There really isn't much difference. For real security, you need to use
something like ssh.
-Larry Jones
I must have been delirious from having so much fun. -- Calvin