[cvsnt] Linux setup problems
Thomas Keller
thomas.keller at inatec.com
Tue Jan 25 11:17:03 GMT 2005
Hello there!
I'm currently trying to move over our old cvs repo to cvsnt.
I installed the RH9 2.0.58d rpm from cvsnt.org and are now puzzled
with some problems:
First thing: The only connection method which is allowed should be
:ext:, so I disabled the pserver in xinetd. Is there any way to enable/
disable other compiled-in methods explicitely through some config file?
What other connection method could be used e.g. for windows users, is
:sspi: possible on Linux?
Secondly, I created two user groups: cvsadmins and cvsusers. In my
thoughts all normal modules should be owned by cvsusers, cvsadmins
would only own the CVSROOT dir (history, val-tags and EmptyDir would be
owned by cvsusers, too, since they need to be writable). Then I set the
permissions for each file/ directory that way that single users as well
as group users had read/write access to the specific file/ dir via chmod
775/664. I did some test commits under various logins and noticed that
the dir and file permissions I set are ignored by cvs. Each file which
is committed gets 444 permissions, obviously I already "hacked" an alias
in /etc/profile
alias cvs="umask 002;cvs"
which should make cvs create new files with group-read-write
permissions. Now, its not too bad that commits from other users do not
fail even if the file is not group-writable, but its a problem for the
CVSROOT-directory where really *only* admins should be able to commit
changes.
I know that there are access control ways via passwd and group, but
since the users connect via ssh which needs a valid Linux user account
I thought of minimizing the administrative overhead (I have to move
about 15 repositories, each contains commit and loginfo scripts) and not
add users into cvs via `cvs passwd`.
I don't even know if the build-in access control thing (via readers,
writers, admin and group file) works at all when
not using :pserver: - you can correct me on this point.
What is a good way to go? I just need *detailed* help...
Thank you guys in advance.
--
Best regards | Mit freundlichen Grüßen
Thomas Keller.
inatec solutions GmbH, Public Key 0x94A5F429
More information about the cvsnt
mailing list