[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: cvs 1.11.2 and pserver on Linux

From: Zanabria, Moises
Subject: RE: cvs 1.11.2 and pserver on Linux
Date: Wed, 8 May 2002 10:29:20 -0500

Larry wrotes:
>  SETXID_SUPPORT is intended to help you run setgid.  For
>setgid, the FAQ says to add:
>       setgid(getegid());

I made a typo when I sent this email , don't know why :) sorry , but my
binary was generated with the correct value in the main.c 

Larry wrote:
>if you're compiling with SETXID_SUPPORT you *don't* want to add that line.
That does means that I need to rebuild without setgid(getegid()); and only

Larry wrote:
>That means that you must configure [x]inetd to run CVS as some group other
than p3cvsg for it to work
I'm not quite sure what do you mean in this point.

According the FAQ:
>Create a group named "cvsg". (This example uses "cvsg". You can name it as
you wish.)
I've created p3cvsg

>Put *no* users in the "cvsg" group. You can put Repository administrators
in this group if you want to.
NO USER just cvsadministrator

>Set the cvs executable to setgid (not setuid):
>cd /usr/local/bin; chown root.cvsg cvs; chmod 2755 cvs
-rwxr-sr-x    1 root     p3cvsg    1557704 May  6 15:49 /usr/bin/cvs

Make sure every file in the Repository is in group "cvsg":

drwxrws---    3 root     p3cvsg       4096 May  1 19:06 ss
drwxrws---    5 root     p3cvsg       4096 May  1 18:36 sse
drwxrws---    2 root     p3cvsg       4096 May  1 18:36 ssmessages

chown -R root.cvsg $CVSROOT
drwxrws---    4 root     p3cvsg       4096 May  8 09:49 CVSROOT

My /etc/xinetd.d/cvspserver:

# default: off
# description: The cvspserver system \

service cvspserver
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        group           = p3cvsg
        user            = root
        server          = /usr/bin/cvs
        passenv         = PATH
        server_args     = -f --allow-root=/local/p4cvs/src pserver


reply via email to

[Prev in Thread] Current Thread [Next in Thread]