Date: Thu, 26 Sep 2002 16:53:02 -0400 From: Khachaturov Vassilii <Vassilii.Khachaturov@comverse.com> To: "'Adi Linden'" <adil@adis.on.ca> Cc: freebsd-cvsweb@FreeBSD.ORG Subject: RE: CVSweb and cvs in chroot Message-ID: <6B1DF6EEBA51D31182F200902740436803B24CC9@mail-in.comverse.com>
next in thread | raw e-mail | index | archive | help
> I setup a cvs server in a chroot jail. How would I go about > accessing that > cvs repository using cvsweb? Depends on what your goal is and what your security policies are. E.g., if you don't trust cvs pserver access running on your machine, so you set up a chroot jail for it, you may still feeling it to be perfectly OK to just let your cvsweb (running, say, under a non-priviledged web process uid) have read access there - I am assuming you trust your web server process so that it sees the cvsroot and below. Just make sure the files there are readable for the web user. If you want the annotate feature write access is needed (e.g., add the web server to the cvs repository writing group - but this brings a risk from the cvsweb+webserver setup and code potential security problems). I don't use annotate - exactly because I have my cvs repository mounted read-only in my webserver env. Or, you can make your web server root-jailed and its root-jail has to include the cvsweb's one in it. HTH, V. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-cvsweb" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6B1DF6EEBA51D31182F200902740436803B24CC9>