Date: Thu, 30 May 2002 16:34:58 +0200
From: Roman Neuhauser <neuhauser@bellavista.cz>
To: Jan Grant <Jan.Grant@bristol.ac.uk>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: cvs repo owned by a nonroot user
Message-ID: <20020530143458.GE20796@freepuppy.bellavista.cz>
In-Reply-To: <Pine.GSO.4.44.0205301507340.14897-100000@mail.ilrt.bris.ac.uk>
References: <20020530140017.GD20796@freepuppy.bellavista.cz> <Pine.GSO.4.44.0205301507340.14897-100000@mail.ilrt.bris.ac.uk>
> Date: Thu, 30 May 2002 15:09:49 +0100 (BST)
> From: Jan Grant <Jan.Grant@bristol.ac.uk>
> To: Roman Neuhauser <neuhauser@bellavista.cz>
> cc: freebsd-questions <freebsd-questions@freebsd.org>
> Subject: Re: cvs repo owned by a nonroot user
>
> On Thu, 30 May 2002, Roman Neuhauser wrote:
>
> > Hi there,
> >
> > I have a problem setting up a cvs repo (pserver). I want the server to run
> > as a non-root user. However, as soon as I change the appropriate line in
> > /etc/inetd.conf (:s/root/cvs/), I can't login:
> >
> > roman@freepuppy ~ > cvs -d:pserver:roman@freepuppy:/home/cvs login
> > Logging in to :pserver:roman@freepuppy:2401/home/cvs
> > CVS password:
> > cvs login: authorization failed: server freepuppy rejected access to
> > /home/cvs for user roman
> >
> > roman@freepuppy ~ > ls -ld /home/cvs
> > drwxrwxr-x 3 cvs cvs 512 Apr 28 22:21 /home/cvs
> >
> > roman@freepuppy ~ > grep cvs /etc/passwd
> > cvs:*:666:666:CVS server:/home/cvs:/sbin/nologin
> >
> > roman@freepuppy ~ > grep /home/cvs /etc/inetd.conf
> > cvspserver stream tcp nowait cvs /usr/bin/cvs cvs
> > --allow-root=/home/cvs pserver
> >
> > If cvs runs as root, I can log in, and checkout. What am I doing wrong?
>
> cvs pserver does (or tries to do) a setuid as it authenticates you.
> That's failing, which is why you're getting the error. cvs _ought_ to
> not do anything odd before it does the setuid stuff but unless you've
> read the code, you're taking that on faith.

ok. so all I can do is chown the repo dir to cvs:cvs (allowing only
users in that group), right?

I have an odd feeling I've read somewhere cvs *could* be run by a
non-root user... Anyway, thanks for the info.

--
FreeBSD 4.5-STABLE
4:32PM up 2 days, 6:27, 13 users, load averages: 0.05, 0.07, 0.02
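
The failure described in the quoted reply, as an added example that is not part of the original thread or of the cvs source: a small C probe that attempts the same kind of uid switch from whatever account runs it. The function name `try_become` and the command-line interface are made up for this illustration. Run from a non-root account such as `cvs` against another login, the `setuid()` call is refused with EPERM, which is the situation behind the "rejected access" message.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Try to become uid/gid in a forked child, so the caller keeps its identity.
 * Returns 0 if the switch worked, the child's errno if it was refused,
 * or -1 if the probe itself could not run. */
int try_become(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Group first: once setuid() has dropped root, the group can no
         * longer be changed. A real server also resets supplementary groups
         * (initgroups()), which needs root too and is left out of this probe. */
        if (setgid(gid) != 0)
            _exit(errno);
        if (setuid(uid) != 0)
            _exit(errno);
        /* Confirm the switch really took effect. */
        _exit((getuid() == uid && geteuid() == uid) ? 0 : EPERM);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s login-name\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", argv[1]);
        return 2;
    }
    int rc = try_become(pw->pw_uid, pw->pw_gid);
    printf("euid %ld -> %s (uid %ld): %s\n", (long)geteuid(), argv[1],
           (long)pw->pw_uid, rc == 0 ? "ok" : rc > 0 ? strerror(rc) : "probe failed");
    return rc == 0 ? 0 : 1;
}
```
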
