Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Setting up a CVS server (pserver)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
rsk
Apprentice
Apprentice


Joined: 18 Apr 2002
Posts: 220
Location: Tucson, AZ

PostPosted: Thu May 08, 2003 8:47 pm    Post subject: Setting up a CVS server (pserver) Reply with quote

NOTE: This was done with Gentoo 1.4rc3 and 1.4rc4, YMMV

Hey guys,
I was wondering how to do this about 3 days ago and hunted through the forums and got it working by combining a lot of feedback from a lot of good people (this thread in particular: https://forums.gentoo.org/viewtopic.php?t=38844&highlight=cvs+server) and I just wanted to summarize for the people out there that didn't have the time to go hunting. Please note that I am summarizing the way I setup CVS, but I think there is just a hair more than 10e6 ways to do it :)

This setup is for using pserver with CVS. No ssh stuff yet, I haven't figured that out yet :)

1) emerge xinetd (this guy is in charge of listening for CVS service requests and waking up a cvs process to take care of the user)
2) emerge CVS (here is the big guy himself)
3) OPTIONAL: emerge superadduser (this is just a damn handy util to have around)

Ok that's it for emerging, now we just have to change configurations and all that jazz.

NOTE: I did all of this while logged in as root, so adjust your plan of attack accordingly.

NOTE 2: Whenever I name something, like a group name, or user name, or directory name... feel free to use something different, just be consistent.

3) create a new "cvs" group with our friend groupadd (groupadd cvs).

4) create a new user (using superadduser or useradd) with the name "cvs" and make their initial (and ONLY) group "cvs". So don't stick them in users or something. Also make sure their shell points to "/bin/false" so someone can't use that account to login (assuming you gave it some easy to guess name.). And lastly make their home directory "/home/cvsroot"

Ok so now you have the software installed, and the user created. Now we need to tie these two things together so they play nice.

5) go into your /etc dir
6) edit the xinetd.conf file, and remove the first line "only_from". It probably says something like only_from localhost. This will limit logins to only localhost, or only whatever IP you put there. If you WANT this kind of security, then change it. NOTE: I don't know how you specify multiple hosts (commas, spaces, whatever) sorry.

Ok we should be done with this file.

7) Go into your /etc/xinetd.d directory

8) type "ls" and look at all the pretty files. These all represent services that xident can start for you and do stuff with. "Stuff" more specifically meaning 'i don't know'.

9) edit the cvspserver file

Now just peruse this file, take a look at the field names. Notice in this file that user/group are already "cvs", you see that? I'm psychic.

Some people have throw security to the wind and changed the user to "root", although I suppose that is about as safe as sticking your face into a bee hive.

anyway...

10) Look at the first line "disable yes", change that to a "no". By default all xinetd services are disabled, so the user can enable what he/she wants. Or atleast this is good practice, and cvs seems to be cooperating with that.

You should be done with that file, unless you want to change the port or something.

Ok so now we need to make sure the repository is setup alright.

11) type "cvs -d /home/cvsroot init" to init the repository.

Now keep in mind though that you just did that as root, so now you need to give the files back to user "cvs" so he won't cry

12) cd /home
chown cvs:cvs -R cvsroot

you should be in good shape now, make sure that cvs/cvs owns that dir as well as every file and dir under it (right now should just be CVSROOT). If you have some shell config files in there (.bashrc, .bash_profile) go ahead and erase them, the user can't ever login to use them anyway.


ok to recap we have:
* user and group "cvs"
* software "xinetd" and "cvs" installed
* software "xinetd" configured to enable cvspserver service for the user cvs/cvs using the dir /home/cvsroot
* we've inited the repository
* we've fixed the permissions

what's left? Nothing right? WRONG!

This one had me stumped for about an hour.

Now we need to create/edit the /home/cvsroot/CVSROOT/passwd file. This file is used by CVS to either provide name/pass pairs, or loginName/systemName mappings. So for example, we want to tell cvs "Hey, I'm going to allow a login called "cvs", but I want you to map it to my local system user "cvs"". Let me clarify.

You created a system account called "cvs" in a group called "cvs". You told xinetd that the cvspserver service is allowed to play only with users named "cvs" in the group "cvs". But now you have to tell CVS what login names (just names, not accounts) are allowed to use CVS. So you could have 10 cvs logins (bob, frank, john, marry, etc. etc.) all mapped to the "cvs" account. That way when "frank" logs in, CVS goes "oh ok, frank is really the CVS account, so I'll have to validate against the system password for that account". You can of course specify passwords in the passwd file and not do mappings if you wish, but I prefer to map them to accounts.

so now the format of this passwd file is:

cvsLoginName:optionalCvsPassword:optionalSystemAccountMapping

so for our purposes, we want to put this in the passwd file:

13) cvs::cvs

So here you see I've mapped CVS login name "cvs" to our system user "cvs". So i'll have to use the system user's password when I login using cvs.

Ok we are getting close, I think that's pretty much it, just make sure to restart xinetd or else all of this was for naught:

14) /etc/init.d/xinetd restart

Ok now try to login to the cvs repository:

15) cvs -d :pserver:cvs@myDomainName.com:/home/cvsroot login
// enter your password

walla!

If that didn't work, I'm sorry I must have missed a step. post your problem here and hopefully I can ammend the post to address it (or someone else can correct me). I'm only 3-days new to this anyway...

NOTE: Some people have mentioned that changing the ownership of the cvs executable has helped them with permission denied problems, but I don't necessarily think this is a good idea.

Ok that's it for now, I hope this helped all 2 of you that wnated to setup CVS :)
_________________
Best,
Riyad
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 18165

PostPosted: Thu May 08, 2003 9:19 pm    Post subject: Reply with quote

Moved from Portage & Programming.
_________________
Those who know what's best for us must rise and save us from ourselves.
Back to top
View user's profile Send private message
rsk
Apprentice
Apprentice


Joined: 18 Apr 2002
Posts: 220
Location: Tucson, AZ

PostPosted: Thu May 08, 2003 9:23 pm    Post subject: Reply with quote

woops sorry
_________________
Best,
Riyad
Back to top
View user's profile Send private message
sessionID
Apprentice
Apprentice


Joined: 11 Nov 2002
Posts: 266
Location: hungary

PostPosted: Fri May 09, 2003 7:03 am    Post subject: Reply with quote

Very nice tutorial, thanks!

A few notes:

I had to copy /usr/portage/dev-util/cvs/files/cvspserver.xinetd.d to /etc/xinet.d (there was no cvspserver file).
The other thing that was not clear for me, is that you have to use encrypted passwords in the passwd file :oops:
Back to top
View user's profile Send private message
rsk
Apprentice
Apprentice


Joined: 18 Apr 2002
Posts: 220
Location: Tucson, AZ

PostPosted: Fri May 09, 2003 7:12 am    Post subject: Reply with quote

no problem I'm glad it helped!

That cvspserver thing is strange, what ver of gentoo are you using?

And yes your absolutely right, encrypted passwords! Thx for the refinement.
_________________
Best,
Riyad
Back to top
View user's profile Send private message
iplayfast
l33t
l33t


Joined: 08 Jul 2002
Posts: 642
Location: Cambridge On,CA

PostPosted: Fri May 09, 2003 7:29 am    Post subject: Reply with quote

I've just set up a pserver cvs as well. I didn't use your tutorial, but I wish I'd seen it.

I've still got one niggling little problem. If I check something out locally the owner chnages to me (ok) but the group is root.

Anyone know what would cause that, and how to make it something sensible (cvsadmin).

Thanks in advance.

PS. Your tut should be submitted as one of the docs.
Back to top
View user's profile Send private message
charlieg
Advocate
Advocate


Joined: 30 Jul 2002
Posts: 2149
Location: Manchester UK

PostPosted: Fri May 09, 2003 9:08 am    Post subject: Reply with quote

A similar tutorial for setting up CVS over SSH instead of pserver would be nice. :)
_________________
Want Free games?
Free Gamer - open source games list & commentary

Open source web-enabled rich UI platform: Vexi
Back to top
View user's profile Send private message
sessionID
Apprentice
Apprentice


Joined: 11 Nov 2002
Posts: 266
Location: hungary

PostPosted: Fri May 09, 2003 9:34 am    Post subject: Reply with quote

rsk wrote:
That cvspserver thing is strange, what ver of gentoo are you using?


It's installed from the 1.4_rc1 live cd, cvs is 1.11.2. I never updated it, so maybe the ebuild is old.
Back to top
View user's profile Send private message
sessionID
Apprentice
Apprentice


Joined: 11 Nov 2002
Posts: 266
Location: hungary

PostPosted: Fri May 09, 2003 9:58 am    Post subject: Reply with quote

charlieg wrote:
A similar tutorial for setting up CVS over SSH instead of pserver would be nice. :)


I still don't quite understand how it works :oops: , but a few good links:
http://ccvs.cvshome.org/fom//cache/9.html
http://freegis.org/grass/howto_grass-sshcvs.en.html
http://www.kitenet.net/~joey/sshcvs/
+ :twisted:
Back to top
View user's profile Send private message
Stalione
Guru
Guru


Joined: 21 Apr 2002
Posts: 335

PostPosted: Mon May 12, 2003 5:16 pm    Post subject: Reply with quote

Quote:

Now we need to create/edit the /home/cvsroot/CVSROOT/passwd file. This file is used by CVS to either provide name/pass pairs, or loginName/systemName mappings. So for example, we want to tell cvs "Hey, I'm going to allow a login called "cvs", but I want you to map it to my local system user "cvs"". Let me clarify.


If you created a new passwd file, make sure after make the changes to it the permissions are set to the cvs user and cvs group
chown cvs.cvs passwd
Back to top
View user's profile Send private message
logic
n00b
n00b


Joined: 12 Apr 2002
Posts: 2

PostPosted: Tue May 13, 2003 3:37 pm    Post subject: Reply with quote

nice, worked great for me..

only one thing
# emerge CVS

should be :
# emerge cvs
Back to top
View user's profile Send private message
S_aIN_t
Guru
Guru


Joined: 11 May 2002
Posts: 488
Location: Ottawa

PostPosted: Wed May 14, 2003 6:08 pm    Post subject: Reply with quote

thanks it worked just fine for me. i did the same thing with fbsd a long time ago.. and didn't remember. the guide helped.
_________________
"That which is overdesigned, too highly
specific, anticipates outcome; the anicipation of
outcome guatantees, if not failure, the
absence of grace."
- William Gibson, "All Tomorrow's Parties"
----
http://petro.tanreisoftware.com
Back to top
View user's profile Send private message
rsk
Apprentice
Apprentice


Joined: 18 Apr 2002
Posts: 220
Location: Tucson, AZ

PostPosted: Sat May 17, 2003 8:19 pm    Post subject: Reply with quote

thanks guys for the positive feedback... maybe one of these days (now that its summer) I should sit down and write a much better structured guide, including all the refinements and info I find on the forums, and include SSH setup and submit it to gentoo docs...
_________________
Best,
Riyad
Back to top
View user's profile Send private message
mikepb78
Apprentice
Apprentice


Joined: 27 Feb 2003
Posts: 171
Location: London

PostPosted: Sun May 18, 2003 2:01 am    Post subject: Why not SSH -> CVS Reply with quote

Why not use SSH and CVS. It is easier to install and manage. And as a bonus it more secure.

1) emerge cvs ssh
2) cvs -d /cvs init (as non root)
3) add users and create ssh keys.

Once the have added there keys then then can access the cvs repository
Back to top
View user's profile Send private message
adrenalin
Tux's lil' helper
Tux's lil' helper


Joined: 29 Dec 2002
Posts: 129

PostPosted: Tue May 20, 2003 11:46 pm    Post subject: Re: Setting up a CVS server (pserver) Reply with quote

Thanks too :)

your guide saved me some hours, but are you sure about that one in the passwd file ?

rsk wrote:

13) cvs::cvs

So here you see I've mapped CVS login name "cvs" to our system user "cvs". So i'll have to use the system user's password when I login using cvs.



did you ever try logging in without/with different password ? ;)


'info cvs RET g TAB p TAB i TAB s TAB r TAB RET' wrote:


...

CVS can also fall back to use system authentication. When
authenticating a password, the server first checks for the user in the
`$CVSROOT/CVSROOT/passwd' file. If it finds the user, it will use that
entry for authentication as described above. But if it does not find
the user, or if the CVS `passwd' file does not exist, then the server
can try to authenticate the username and password using the operating
system's user-lookup routines (this "fallback" behavior can be disabled
by setting `SystemAuth=no' in the CVS `config' file, *note config:: ).

...

Back to top
View user's profile Send private message
rsk
Apprentice
Apprentice


Joined: 18 Apr 2002
Posts: 220
Location: Tucson, AZ

PostPosted: Wed May 21, 2003 4:13 pm    Post subject: Reply with quote

Oh shit, you're right! I just tried logging in by hitting "enter" on an account that has a password, and it logged in fine :(

Thanks so much for pointing this out. Then I suppose the "correct" way around this is to copy the encoded password out of the /etc/passwd file into the CVSROOT/passwd file into the middle place holder. I had read this is the way to set passwords before, but I think I misinterpreted it mean "another" way you could do passwords instead of the "WAY" to do passwords...

Wow that's a big oversight on my part. Thanks again!
_________________
Best,
Riyad
Back to top
View user's profile Send private message
adrenalin
Tux's lil' helper
Tux's lil' helper


Joined: 29 Dec 2002
Posts: 129

PostPosted: Wed May 21, 2003 6:04 pm    Post subject: Reply with quote

uh, did you read my whole post ?

If yes, then i guess you didnt get it right.

If you want to use system auth, then you should remove the user from CVSROOT/passwd. However you should avoid using system account passwords through pserver anyway, because they are sent cleartext. Use different passwords for pserver or even better use ssh instead of pserver. As far as i understand, pserver should only be used for anonymous read only access. If you need any type of auth, then use ssh fex instead and read the docs again ;). If you insist on using auth trough pserver, then DONT use system account passwords
Back to top
View user's profile Send private message
phunni
Apprentice
Apprentice


Joined: 05 May 2003
Posts: 217
Location: Bristol, UK

PostPosted: Tue Jun 03, 2003 2:23 pm    Post subject: Reply with quote

OK - I have file permissions problems. I can only import a new project as root, and I can only check out the CVSROOT module

How do I use this setup to allow me to import a project as a non root user and then be able to check it out?

Edit the specific error I am getting is:

my cvs server wrote:
cvs server: Updating ConygreProject
cvs server: failed to create lock directory for `/home/cvsroot/ConygreProject' (/home/cvsroot/ConygreProject/#cvs.lock): Permission denied
cvs server: failed to obtain dir lock in repository `/home/cvsroot/ConygreProject'
cvs [server aborted]: read lock failed - giving up

_________________
Old School is the way forward!
Back to top
View user's profile Send private message
adrenalin
Tux's lil' helper
Tux's lil' helper


Joined: 29 Dec 2002
Posts: 129

PostPosted: Tue Jun 03, 2003 5:32 pm    Post subject: Reply with quote

phunni wrote:
OK - I have file permissions problems.
...


Right you are. While this matter is not pserver specific, the repository maintainer is in fact required to set up an appropriate ownership/permission model inside the repository for users that should have access to it. Your specific problem results from the fact, that cvs creates lock files while operating on modules inside the repostitory. Thus whoever (in the setup described here this should be a user called cvs) executes the cvs commands locally, is required to have write permissions inside the specific module directory. You can specify another temp dir if you dont want that for some reason.
Back to top
View user's profile Send private message
TAF
n00b
n00b


Joined: 20 Jan 2003
Posts: 31

PostPosted: Wed Jul 16, 2003 11:15 pm    Post subject: Reply with quote

You have a little error, more or less reported about the passwd file.

The correct way to do it is:

1.put the user name followed by ':'

Eg.

teste:

2.get some program that generates DES keys. in CVS's site it's available one:

http://ccvs.cvshome.org/fom//cache/168.html

3. generate the password for the user and copy it to the passwd file

4. do step 1 until not necessary
Back to top
View user's profile Send private message
vulcan_
n00b
n00b


Joined: 06 May 2003
Posts: 61
Location: Gent, Belgium

PostPosted: Thu Jul 17, 2003 10:54 pm    Post subject: encrypting CVSROOT/passwd passwords Reply with quote

the CVS guide at http://cvsbook.red-bean.com/cvsbook.html#The_Password-Authenticating_Server
shows how to use this script:
Code:

#!/usr/bin/perl

srand (time());
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt ($plaintext, $salt);

print "${crypttext}\n";

used this way
Quote:

I keep the preceding script in /usr/local/bin/cryptout.pl:

floss$ ls -l /usr/local/bin/cryptout.pl

-rwxr-xr-x 1 root root 265 Jun 14 20:41 /usr/local/bin/cryptout.pl
floss$ cryptout.pl "some text"
sB3A79YDX5L4s


there is also a good discussion of CVS issues in this post
https://forums.gentoo.org/viewtopic.php?t=55659&highlight=cvs+setup

hope this helps
_________________
vulcan was a Roman myth - god of smiths
Back to top
View user's profile Send private message
mog
Apprentice
Apprentice


Joined: 05 Jul 2003
Posts: 253
Location: Auckland [NZ]

PostPosted: Thu Aug 14, 2003 11:48 am    Post subject: Reply with quote

your tutorial is great ... thx a buch ... :lol:

there is only one question remaining ... how can I create a repository and add things to it?
I know it may be a stupid question, but I have searched a long time and found no answer ... :(
_________________
To thine own self be true.
Back to top
View user's profile Send private message
MrPyro
Tux's lil' helper
Tux's lil' helper


Joined: 14 Aug 2003
Posts: 121
Location: Sheffield, England

PostPosted: Thu Aug 14, 2003 3:46 pm    Post subject: Reply with quote

To create the repository

Code:

cvs -d /your/CVS/ROOT init


The CVSROOT can be pretty much any directory on your system: most people use /home/cvs. This command sets up the directory as a repository.

To add a new module, enter the directory containing the code you want to add, and
Code:

cvs -d /your/CVS/ROOT import REPOSITORY VENDORTAG RELEASETAG


REPOSITORY is what you want the module to be called. VENDORTAG and RELEASETAG are to do with what version the existing code is. I personally just make these up.

CVS over ssh

Once the repository is set up, no additional work needs to be done to access over ssh. No xinetd files or anything. When checking out from the repository, use ext instead of pserver in the CVSROOT definition, like this
Code:

cvs -d :ext:MrPyro@nekrodomos.net:/home/cvs checkout MyCode
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum