[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RE: freezing cvs repository to rsync to a remote location
|
From: |
list-unixexpert |
|
Subject: |
Re: RE: freezing cvs repository to rsync to a remote location |
|
Date: |
Fri, 5 Nov 2004 12:33:47 -0500 |
pserver isn't secure IMHO and i'm sure others will agree.
We use CVS over SSH here. Any solution to sync our repository offsite will
have to be tunneled. I asked about RSync because we currently tunnel this
through SSH to keep files in sync on multiple servers. We don't actually use
RSync in "server mode" which we view as unsecure.
I plan to look into the CVSup method as this appears to be the safest option.
Thanks,
Thomas
>
> From: "Malhotra, Neti" <address@hidden>
> Date: 2004/11/05 Fri AM 09:59:18 EST
> To: "Todd Denniston" <address@hidden>,
> <address@hidden>
> CC: <address@hidden>
> Subject: RE: freezing cvs repository to rsync to a remote location
>
> Todd,
>
> I hate to jump in here, but I'm curious to know why pserver is not
> recommended. Also, could you tell me what the recommended method is? I am
> currently using pserver as well.
>
> Thanks -
> Neti
>
> -----Original Message-----
> From: address@hidden
> [mailto:address@hidden Behalf Of Todd
> Denniston
> Sent: Friday, November 05, 2004 9:48 AM
> To: address@hidden
> Cc: address@hidden
> Subject: Re: freezing cvs repository to rsync to a remote location
>
>
> address@hidden wrote:
> >
> > Does anyone know of a good (and safe) way to lock users out of the cvs
> > repository so we can rsync the repository to a remote site and not risk any
> > data corruption?
> >
> > TIA
> > -T
> If you are using pserver (not really a recommended method any more) then
> with xinetd (on linux):
> XINETD_PSERVER_SCRIPT="/etc/xinetd.d/cvspserver"
> KILLALL="killall"
> CVS_KILL_SIGNAL="-q -SIGTERM"
> CVS_KILL_NOW_SIGNAL="-q -9"
> #stop
> echo -e ",s/disable\t= no/disable\t= yes/\nwq\n"| \
> ed $XINETD_PSERVER_SCRIPT >> /dev/null 2>&1
> $KILLALL -HUP xinetd
> #start
> echo -e ",s/disable\t= yes/disable\t= no/\nwq\n" | \
> ed $XINETD_PSERVER_SCRIPT >> /dev/null 2>&1
> $KILLALL -HUP xinetd
> #note the tab between disable and the = sign
> with inetd, comment the cvspserver line in /etc/inetd.conf and HUP inetd,
> uncomment to bring it back on line.
> you can do the same things for rsh (the rlogin config) as was done to
> cvspserver.
> for ssh (this would probably work for rsh too)
> #stop
> echo "hey no logging in now, someone is working with cvs" >>
> /etc/nologin
> #start
> #make sure nothing else has lines in /etc/nologin then
> rm /etc/nologin
>
> #after doing the above (preventing new sessions from being started)
> #you need to stop any current sessions.
> $KILLALL $CVS_KILL_SIGNAL cvs
> sleep 10 #give them a chance for graceful exit
> $KILLALL $CVS_KILL_SIGNAL cvs
> sleep 20 #give them another chance for graceful exit
> $KILLALL $CVS_KILL_NOW_SIGNAL cvs
>
> Now only root can login to the machine and there should be no cvs activity.
> And of course you need to undo the changes to the system config you did, to
> restart things.
>
> The above works for me, YMMV, all warranties are faulty, don't cry, I am not
> responsible for your safety, try it where you don't care first.
>
> As Mark said CVSup may be better suited to your needs than the method you have
> chosen.
> --
> Todd Denniston
> Crane Division, Naval Surface Warfare Center (NSWC Crane)
> Harnessing the Power of Technology for the Warfighter
>