info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Check out fails


From: Rancier, Jeff
Subject: RE: Check out fails
Date: Tue, 21 Jun 2005 16:24:20 -0400

I guess your right.  I'll re-read the pserver section.  Both systems are
internal, security risk in nil.  I did delete the passwd file, and then I
couldn't login to the repository.  

> cvs -d :pserver:address@hidden:/usr/local/cvsroot login
Logging in to :pserver:address@hidden:2401/usr/local/cvsroot
CVS password:
cvs login: authorization failed: server jrancier rejected access to
/usr/local/cvsroot for user jrancier

This aside, it was the cvsd on the Windows box (the repository) which was
reporting the initgroups error then?  I mean, why would the local cvs client
care, right?

Thanks for the assistance.
Jeff

| -----Original Message-----
| From: Todd Denniston [mailto:address@hidden 
| Sent: Tuesday, June 21, 2005 4:01 PM
| To: Larry Jones
| Cc: Rancier, Jeff; address@hidden
| Subject: Re: Check out fails
| 
| 
| Larry Jones wrote:
| > 
| > Todd Denniston writes:
| > >
| > > If you are using pserver you should not need to su, 
| [x]inetd runs as root.
| > 
| > But is it set up to run pserver as root?  If not, you can 
| only run as
| > the user you're running pserver as -- any attempt to run as 
| a different
| > user will result in similar problems (although one would expect
| > initgroups() to fail with EPERM rather than EINVAL).
| 
| which would imply either the user name given was invalid (for where
| initgroups looked) or the additional group was. Does 
| initgroups get pointed
| at CVSROOT/passwd if it exists?
| 
| seeing this and his latest (21 Jun 2005 15:15:46) email I 
| wonder if Jeff has
| jrancier in /usr/local/cvsroot/CVSROOT/passwd and in the 
| correct format
| assuming his mention of CVSROOT/passwd means it exists. 
| 
| Jeff, 
| sorry that was one of my other assumptions, CVSROOT/passwd 
| did not exist. 
| You should only need CVSROOT/passwd if you want to allow 
| logins that are not
| system username logins. I will let you decide if you want to 
| read up on
| pserver past and current insecurities and decide if having 
| CVSROOT/passwd is
| something you really want.
| 
| -- 
| Todd Denniston
| Crane Division, Naval Surface Warfare Center (NSWC Crane) 
| Harnessing the Power of Technology for the Warfighter
| 




reply via email to

[Prev in Thread] Current Thread [Next in Thread]