Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 May 2002 15:09:49 +0100 (BST)
From:      Jan Grant <Jan.Grant@bristol.ac.uk>
To:        Roman Neuhauser <neuhauser@bellavista.cz>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: cvs repo owned by a nonroot user
Message-ID:  <Pine.GSO.4.44.0205301507340.14897-100000@mail.ilrt.bris.ac.uk>
In-Reply-To: <20020530140017.GD20796@freepuppy.bellavista.cz>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 30 May 2002, Roman Neuhauser wrote:

> Hi there,
>
> I have a problem setting up cvs repo (pserver). I want the server to run
> as a non-root user. However, as soon as I change the appropriate line in
> /etc/inetd.conf (:s/root/cvs/), I can't login:
>
> roman@freepuppy ~ > cvs -d:pserver:roman@freepuppy:/home/cvs login
> Logging in to :pserver:roman@freepuppy:2401/home/cvs
> CVS password:
> cvs login: authorization failed: server freepuppy rejected access to
> /home/cvs for user roman
>
> roman@freepuppy ~ > ls -ld /home/cvs
> drwxrwxr-x  3 cvs  cvs  512 Apr 28 22:21 /home/cvs
>
> roman@freepuppy ~ > grep cvs /etc/passwd
> cvs:*:666:666:CVS server:/home/cvs:/sbin/nologin
>
> roman@freepuppy ~ > grep /home/cvs /etc/inetd.conf
> cvspserver      stream  tcp     nowait  cvs     /usr/bin/cvs    cvs
> --allow-root=/home/cvs pserver
>
> If cvs runs as root, I can log in, and checkout. What am I doing wrong?

cvs pserver does (or tries to do) a setuid as it authenticates you.
That's failing, which is why you're getting the error. cvs _ought_ to
not do anything odd before it does the setuid stuff but unless you've
read the code, you're taking that on faith.

jan

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Just because I have nothing to hide doesn't mean I have nothing to fear.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.44.0205301507340.14897-100000>