info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: unable to login to CVSD with pserver user


From: Allen Marshall
Subject: Re: unable to login to CVSD with pserver user
Date: Mon, 28 Nov 2005 06:14:09 -0500


address@hidden wrote:
> I have been trying to set up a CVS server on my machine using CVSD (a
> chrooted environment for the CVS server to run in).  I have been able
> to start the server and the CVSROOT is located in '/cvs/root/'.  when I
> use the command 'cvs -d :pserver:address@hidden:/cvs/root' it will
> always prompt me for the password for 'username' and then say:
>
> Fatal error, aborting.
> username: no such user
>

<Linux>


You must have a legitimate security group defined in the OS for the pserver logins to 'piggyback' on. In my passwd file, there is a cvs login name, then the password, then the OS security group that all the pserver effectively login under...  I also set every one of these groups to a dummy shell e.g. 'false' so they can never get an OS login directly either.   Usually I define a group for each module in the repository and set file permissions for the module so that the group owns all the files.  This prevents unauthorized waddling around in the repository...

I also may have added these groups to some generic cvs users group or somesuch but that detail escapes me just now.  I also do not recall using this chroot thing - I simply set up a pserver daemon to spawn from inetd instead.  Perhaps that is not the right way to go but it has worked fine for internal security control purposes (inside our corporate firewall)

I also note that for some reason you have renamed CVSROOT to root - is there a compelling need to do this?  My impression was that the CVSROOT was ideally or normally supposed to be named CVSROOT.....

One other possible source of issues may be rights  on the cvs lock directories - these security groups need to have appropriate file permissions there (as I recall, locks are located in /var/locks/<cvsrepo>/<module>

While pserver is OK for internal purposes, from the outside we only allow ssh BTW. The  pserver protocol apparently has 'issues'....

HTH
</Linux>


Allen Marshall
Cambridge Systematics, Inc.
100 CambridgePark Drive, Suite 400
Cambridge, MA 02140
tel  617 354 0167
fax  617 354 1542
e-mail  address@hidden
www.camsys.com

reply via email to

[Prev in Thread] Current Thread [Next in Thread]