[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changing CVS Command line.

From: Todd Denniston
Subject: Re: Changing CVS Command line.
Date: Fri, 30 May 2008 11:12:40 -0400
User-agent: Thunderbird (X11/20080421)

Lummoxx wrote, On 05/29/2008 09:11 AM:
Hello all.

I'm a system admin of a large, private source control server, which
has exceeded 4,000 active CVS projects.

CVS is managed by xinetd, and each project is listed as a server
argument using --allow-root=/cvsroot/project.  This has worked fine,
until recently, when the number of projects has caused the CVS command
line to exceed the memory paging limit set in the linux kernel.

The kernel was customized by Red Hat in 2006 to fix an unrelated bug,
and the source containing that fix is no longer available, not to
mention, I'm not really inclined to perform a kernel recompile on a
production machine.

you are indicating that you(r company) had RH customize a kernel for a server destined for long service and the system configuration management at your company allowed both your company and RH to loose the change? It surprises me that RH did not deliver an src.rpm for the change as well as the binary version. (BTW have you asked RH if they still have THE change made?) <The above statement MAY be a bit strong, and is hopefully directed at the last administrator and previous management. :) >

And as for as building on the production machine, where is the clone that is a test machine? And sometimes things just have to be done.

Ideally, has anyone ever examined a method, that wouldn't be
unbearably slow for a server with thousands of projects, that could
dynamically determine if the cvsroot being requested was a valid

Thanks for your time.


Option A: don't use pserver, it has the problem above and has been considered a security hole. Other access methods depend on the users access being controlled by the OS, and thus cvs does not need to be told what/where is allowed.
Are all of your users setup as system users or ONLY as pserver users?
Are there reasons you can't switch to :ext: using ssh? (or to one of the other access modes?)

Option B: reduce the number of roots you need to allow
Are there any projects that are related enough to justify rooting them all in the same $CVSROOT, i.e., they have to share ALL of the policies and configuration in $CVSROOT/CVSROOT ? (one quick group might be projects that the bosses KNOW will not have any further development, but are needed for reference.)

Option C: figure out what sourceforge/savannah did... they have lots of cvs roots and yet don't have this problem.

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

reply via email to

[Prev in Thread] Current Thread [Next in Thread]