From owner-freebsd-cvsweb Thu Sep 26 13:57:33 2002 Delivered-To: freebsd-cvsweb@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A90737B401 for ; Thu, 26 Sep 2002 13:57:32 -0700 (PDT) Received: from ns2.comverse.com (ns2.comverse.com [63.64.185.243]) by mx1.FreeBSD.org (Postfix) with ESMTP id 428F043E75 for ; Thu, 26 Sep 2002 13:57:31 -0700 (PDT) (envelope-from Vassilii.Khachaturov@comverse.com) Received: from mail-bridge.comverse.com (mail-bridge.comverse.com [10.200.7.190]) by ns2.comverse.com (8.11.6/8.11.1) with ESMTP id g8QKvFS18821; Thu, 26 Sep 2002 16:57:19 -0400 Received: by mail-bridge.comverse.com with Internet Mail Service (5.5.2653.19) id ; Thu, 26 Sep 2002 16:54:02 -0400 Received: from mail-in.comverse.com (mail-in [10.230.12.30]) by mail-bridge.comverse.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id RJZKWPFP; Thu, 26 Sep 2002 16:54:00 -0400 Received: by mail-in.comverse.com with Internet Mail Service (5.5.2653.19) id ; Thu, 26 Sep 2002 16:53:04 -0400 From: Khachaturov Vassilii To: "'Adi Linden'" Cc: freebsd-cvsweb@FreeBSD.ORG Message-ID: <6B1DF6EEBA51D31182F200902740436803B24CC9@mail-in.comverse.com> Subject: RE: CVSweb and cvs in chroot Date: Thu, 26 Sep 2002 16:53:02 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-cvsweb@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > I setup a cvs server in a chroot jail. How would I go about > accessing that > cvs repository using cvsweb? Depends on what your goal is and what your security policies are. E.g., if you don't trust cvs pserver access running on your machine, so you set up a chroot jail for it, you may still feeling it to be perfectly OK to just let your cvsweb (running, say, under a non-priviledged web process uid) have read access there - I am assuming you trust your web server process so that it sees the cvsroot and below. Just make sure the files there are readable for the web user. If you want the annotate feature write access is needed (e.g., add the web server to the cvs repository writing group - but this brings a risk from the cvsweb+webserver setup and code potential security problems). I don't use annotate - exactly because I have my cvs repository mounted read-only in my webserver env. Or, you can make your web server root-jailed and its root-jail has to include the cvsweb's one in it. HTH, V. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-cvsweb" in the body of the message