Re: Ownership Issues Running as pserver vs. server

From: Arthur Barrett
Subject: Re: Ownership Issues Running as pserver vs. server
Date: Sun, 31 Oct 2004 20:51:58 GMT


If you are using WinCVS on the client then you are most likely using the
CVSNT client to connect to the server (it is bundled with WinCVS).  CVSNT
Server is free (GPL - just like cvs) and available for Linux, Unix, Windows,
Mac OS X, etc., and may be configured to run as any user at run time.


Arthur Barrett

"Malhotra, Neti" <address@hidden> wrote in message

I am looking for an opinion on the correct way to configure my server so
that I can access CVS locally from the server as well as from a PC using
WinCVS.  Here's the dilemma.

Before upgrading to cvs 1.11.17, cvs was owned by a user on our system
called cvs (id=9001), and group also called cvs (id=2525) with the sticky
bit set (i.e. 4755).  Therefore most of the files in the repository are
owned by 9001:2525.  With 1.11.17 configured as before, running cvs locally
works, but running in pserver mode fails.  I think what is happening in
pserver mode is:

- Inetd kicks off cvs as root:root, so the relevant ids are:
    real user is root:root
    user is retrieved from password file as root:other
    effective user is 9001:root
- Cvs tries to setgid to the group id retrieved from the password file
  (other).  I'm guessing this fails because the effective user is 9001.

I tried to fix this by unsetting the sticky bit on the cvs executable, i.e.
keep it owned by 9001:2525 and keep perms at 755.  That worked just fine in
pserver mode, but now causes cvs to fail (unable to create cvslock) when
running it on the server.

I decided then to change the ownership of cvs to root:2525, with the sticky
bit set (perms=4755).  This seems to work for both pserver and server modes,
but now the files in the repository are owned by root.  I don't know that
this is necessarily a bad thing, but it makes me a little nervous.

Does anyone have any suggestions/opinions on the correct way to set this up?
I guess another option may be to kick off cvs as the 9001 user in inetd.
Do you think that's a better option?

Thanks in advance for your help -
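
The three configurations described in the question above, traced through a simplified model of the POSIX exec and setgid() credential rules (an added example, not part of the original thread and not CVS code). The numeric gid for "other", the local login uid 500, and all function names are assumptions made for illustration; "privileged" is modelled as effective uid 0.

```python
from dataclasses import dataclass, replace

ROOT_UID, ROOT_GID = 0, 0
CVS_UID, CVS_GID = 9001, 2525   # ids quoted in the message
OTHER_GID = 1                   # constructed: the message gives no number for "other"

@dataclass(frozen=True)
class Cred:
    ruid: int
    euid: int
    rgid: int
    egid: int
    sgid: int

def execve(cred, owner_uid, owner_gid, mode):
    """Credentials after exec: set-uid/set-gid mode bits replace the effective ids."""
    euid = owner_uid if mode & 0o4000 else cred.euid
    egid = owner_gid if mode & 0o2000 else cred.egid
    return replace(cred, euid=euid, egid=egid, sgid=egid)

def setgid(cred, gid):
    """Simplified POSIX rule: only effective uid 0 may switch to an arbitrary gid."""
    if cred.euid == ROOT_UID:
        return replace(cred, rgid=gid, egid=gid, sgid=gid)
    if gid in (cred.rgid, cred.sgid):
        return replace(cred, egid=gid)
    raise PermissionError("EPERM: setgid(%d) with euid %d" % (gid, cred.euid))

def pserver_setgid(owner_uid, mode):
    """inetd starts cvs as root:root; cvs then calls setgid() to the passwd-file group."""
    inetd = Cred(ROOT_UID, ROOT_UID, ROOT_GID, ROOT_GID, ROOT_GID)
    cred = execve(inetd, owner_uid, CVS_GID, mode)
    try:
        setgid(cred, OTHER_GID)
        return "ok"
    except PermissionError:
        return "EPERM"

def local_file_owner(owner_uid, mode, login_uid):
    """Files created by a local cvs run are owned by that process's effective uid."""
    shell = Cred(login_uid, login_uid, CVS_GID, CVS_GID, CVS_GID)
    return execve(shell, owner_uid, CVS_GID, mode).euid

if __name__ == "__main__":
    # (binary owner, mode): 9001 + 4755, 9001 + 755, root + 4755
    for owner, mode in ((CVS_UID, 0o4755), (CVS_UID, 0o755), (ROOT_UID, 0o4755)):
        print(owner, oct(mode), pserver_setgid(owner, mode),
              local_file_owner(owner, mode, 500))
```

In this model only the root-owned 4755 binary passes the pserver setgid() step and also creates files locally under a single uid, and that uid is 0.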

