From owner-freebsd-questions  Thu May 30  7:12:27 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60])
	by hub.freebsd.org (Postfix) with ESMTP id A091737B404
	for <freebsd-questions@freebsd.org>; Thu, 30 May 2002 07:12:18 -0700 (PDT)
Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV 
          with ESMTP; Thu, 30 May 2002 15:12:04 +0100
Received: from cmjg (helo=localhost)	by mail.ilrt.bris.ac.uk 
          with local-esmtp (Exim 3.16 #1)	id 17DQcf-0005Rm-00;
          Thu, 30 May 2002 15:09:49 +0100
Date: Thu, 30 May 2002 15:09:49 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
X-X-Sender: cmjg@mail.ilrt.bris.ac.uk
To: Roman Neuhauser <neuhauser@bellavista.cz>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: cvs repo owned by a nonroot user
In-Reply-To: <20020530140017.GD20796@freepuppy.bellavista.cz>
Message-ID: <Pine.GSO.4.44.0205301507340.14897-100000@mail.ilrt.bris.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, 30 May 2002, Roman Neuhauser wrote:

> Hi there,
>
> I have a problem setting up cvs repo (pserver). I want the server to run
> as a non-root user. However, as soon as I change the appropriate line in
> /etc/inetd.conf (:s/root/cvs/), I can't login:
>
> roman@freepuppy ~ > cvs -d:pserver:roman@freepuppy:/home/cvs login
> Logging in to :pserver:roman@freepuppy:2401/home/cvs
> CVS password:
> cvs login: authorization failed: server freepuppy rejected access to
> /home/cvs for user roman
>
> roman@freepuppy ~ > ls -ld /home/cvs
> drwxrwxr-x  3 cvs  cvs  512 Apr 28 22:21 /home/cvs
>
> roman@freepuppy ~ > grep cvs /etc/passwd
> cvs:*:666:666:CVS server:/home/cvs:/sbin/nologin
>
> roman@freepuppy ~ > grep /home/cvs /etc/inetd.conf
> cvspserver      stream  tcp     nowait  cvs     /usr/bin/cvs    cvs
> --allow-root=/home/cvs pserver
>
> If cvs runs as root, I can log in, and checkout. What am I doing wrong?

cvs pserver does (or tries to do) a setuid as it authenticates you.
That's failing, which is why you're getting the error. cvs _ought_ to
not do anything odd before it does the setuid stuff but unless you've
read the code, you're taking that on faith.

jan

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Just because I have nothing to hide doesn't mean I have nothing to fear.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message