Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 04 Feb 2002 06:56:18 +0100
From:      Bernd Luevelsmeyer <bdluevel@heitec.net>
To:        hubs@FreeBSD.org
Cc:        adminmail@heitec.net
Subject:   Re: FTP mirror; anonymous CVS
Message-ID:  <20020204055618.995F3B8208@christel.heitec.net>
References:  <20020130043616.BD197B8206@christel.heitec.net> <20020130131414.I81625@atrbg11.informatik.tu-muenchen.de> <20020201044900.3B8C9B8101@christel.heitec.net> <20020201100953.A90046@atrbg11.informatik.tu-muenchen.de> <20020201130459.74650B8101@christel.heitec.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Bernd Luevelsmeyer wrote:
> I'm trying to chroot it into the CVSROOT directory.

I got it chrooted, but I won't install it that way.

To have a chrooted cvs, you need to have a statically linked cvs binary
and put it into the $CVSROOT. You also need /dev/null and a temporary
directory there, and a /etc/spwd.db containing the users cvs will be
running as (only nobody in my case). I don't want to clutter the
repository with all that, lest cvsup might export it to its clients.
It's bad enough to have 'readers' and 'passwd' in $CVSROOT/CVSROOT
already. (I still find it's an attractive idea though.)

Just for your information, if you *do* want a chrooted cvs, you can have
it along these lines:

# create kernel with portalfs
mkdir /p
mount_portalfs /etc/portal.conf /p
cd $CVSROOT
cp $cvs_static .
mkdir dev
mknod c 2 2 dev/null ; chmod 666 dev/null
mkdir etc
cat >etc/master.passwd
# users go here
# (can have password '*', no home and no shell)
pwd_mkdb -d etc etc/master.passwd
mkdir tmp
chmod 1777 tmp
while true
  cd $CVSROOT
  chroot . /cvs_static -R -l -f -T /tmp --allow-root=/\
    pserver <> /p/tcplisten/ANY/2401 >&0
  done


The while loop should, of course, be started in a /usr/local/etc/rc.d
script. You can make the cvs binary suid some_user if only some_user
will be using cvs; otherwise, cvs must be started as root. If you don't
want a portalfs, you can start a script with the cd and chroot lines in
inetd.conf.


Greetings,
	B. Luevelsmeyer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hubs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020204055618.995F3B8208>