[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ownership Issues Running as pserver vs. server

From: Malhotra, Neti
Subject: Ownership Issues Running as pserver vs. server
Date: Sun, 31 Oct 2004 10:05:11 -0500


I am looking for an opinion on the correct way to configure my server so that I 
can access CVS locally from the server as well as from a PC using WinCVS.  
Here's the dilemna.

Before upgrading to cvs 1.11.17, cvs was owned by a user on our system called 
cvs (id=9001), and group also called cvs (id=2525) with the sticky bit set 
(i.e. 4755).  Therefore most of the files in the repository are owned by 
9001:2525.  With 1.11.17 configured as before, running cvs locally works, but 
running in pserver mode fails.  I think what is happening in pserver mode is:

- Inetd kicks off cvs as root:root, so the relevant ids are:
        real user is root:root
            user is retrieved from password file as root:other
            effective user is 9001:root
- Cvs tries to setgid to the group id retrieved from the password file (other). 
 I'm guessing this fails because the effective user is 9001.

I tried to fix this by unsetting the sticky bit on the cvs executable, i.e. 
keep it owned by 9001:2525 and keep perms at 755.  That worked just fine in 
pserver mode, but now causes cvs to fail (unable to create cvslock) when 
running it on the server.

I decided then to change the ownership of cvs to root:2525, with the sticky bit 
set (perms=4755).  This seems to work for both pserver and server modes, but 
now the files in the repository are owned by root.  I don't know that this is 
necessarily a bad thing, but it makes me a little nervous.

Does anyone have any suggestions/opinions on the correct way to set this up?  I 
guess another option may be to kick off cvs as the 9001 user in inetd.   Do you 
think that's a better option?

Thanks in advance for your help -

reply via email to

[Prev in Thread] Current Thread [Next in Thread]