Date: Thu, 30 May 2002 16:34:58 +0200
From: Roman Neuhauser
To: Jan Grant
Cc: freebsd-questions
Subject: Re: cvs repo owned by a nonroot user
Message-ID: <20020530143458.GE20796@freepuppy.bellavista.cz>

> Date: Thu, 30 May 2002 15:09:49 +0100 (BST)
> From: Jan Grant
> To: Roman Neuhauser
> cc: freebsd-questions
> Subject: Re: cvs repo owned by a nonroot user
>
> On Thu, 30 May 2002, Roman Neuhauser wrote:
>
> > Hi there,
> >
> > I have a problem setting up cvs repo (pserver). I want the server to run
> > as a non-root user. However, as soon as I change the appropriate line in
> > /etc/inetd.conf (:s/root/cvs/), I can't login:
> >
> > roman@freepuppy ~ > cvs -d:pserver:roman@freepuppy:/home/cvs login
> > Logging in to :pserver:roman@freepuppy:2401/home/cvs
> > CVS password:
> > cvs login: authorization failed: server freepuppy rejected access to
> > /home/cvs for user roman
> >
> > roman@freepuppy ~ > ls -ld /home/cvs
> > drwxrwxr-x 3 cvs cvs 512 Apr 28 22:21 /home/cvs
> >
> > roman@freepuppy ~ > grep cvs /etc/passwd
> > cvs:*:666:666:CVS server:/home/cvs:/sbin/nologin
> >
> > roman@freepuppy ~ > grep /home/cvs /etc/inetd.conf
> > cvspserver stream tcp nowait cvs /usr/bin/cvs cvs
> > --allow-root=/home/cvs pserver
> >
> > If cvs runs as root, I can log in, and checkout. What am I doing wrong?
>
> cvs pserver does (or tries to do) a setuid as it authenticates you.
> That's failing, which is why you're getting the error. cvs _ought_ to
> not do anything odd before it does the setuid stuff but unless you've
> read the code, you're taking that on faith.

ok. so all I can do is chown the repo dir to cvs:cvs (allowing only
users in that group), right?

I have an odd feeling I've read somewhere cvs *could* be run by a
non-root user...

Anyway, thanks for the info.

-- 
FreeBSD 4.5-STABLE
4:32PM up 2 days, 6:27, 13 users, load averages: 0.05, 0.07, 0.02
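
The setuid failure described in the quoted reply can be reproduced with the short C program below. It is an added example, not part of the original thread and not code from CVS; `try_switch` is a hypothetical helper and the target uid (`getuid() + 1`) is a constructed value. The switch is attempted in a forked child, so the caller keeps its own identity.

```c
/* Added example: why a pserver-style daemon must start as root. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Try to become uid/gid the way a daemon does after authenticating a
 * client. Runs in a forked child so the caller is not affected.
 * Returns 0 on success, otherwise the errno of the step that failed. */
int try_switch(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        /* Order matters: groups first, then gid, then uid last,
         * because after setuid() the others can no longer be changed. */
        if (geteuid() == 0 && setgroups(1, &gid) != 0)
            _exit(errno);
        if (setgid(gid) != 0)
            _exit(errno);
        if (setuid(uid) != 0)
            _exit(errno);          /* EPERM when started as non-root */
        /* A correct drop is irreversible: regaining root must fail. */
        if (uid != 0 && setuid(0) == 0)
            _exit(EACCES);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINTR;
}

int main(void)
{
    uid_t other = getuid() + 1;    /* constructed: any uid that is not ours */
    int same = try_switch(getuid(), getgid());
    int diff = try_switch(other, getgid());
    printf("switch to own uid %d: %s\n", (int)getuid(),
           same ? strerror(same) : "ok");
    printf("switch to uid %d:     %s\n", (int)other,
           diff ? strerror(diff) : "ok");
    return 0;
}
```

Run as an unprivileged user, the second call reports a failure, which is the condition behind the "rejected access" message when inetd starts the server as `cvs` and the login is for `roman`.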