Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Let The Music Play: Join EFF Today

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 66 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here



Current HOWTO: Secure-CVS-Pserver

Setting up the tools

3. Setting up the tools

Now that CVS and cvsd are built, let's set them up.

3.1. Creating the CVS Repository

Before we begin, I strongly recommend you read the CVS manual that was installed with the rest of CVS. If the stand-alone info browser or the texinfo package is installed on your system, you can see this manual by typing the command info cvs at your shell.

First, plan out where you want your repository. Debian defaults to /var/lib/cvs. My repository is under the directory /cvs/root, and is on its own small partition. What you do depends on your needs and can vary widely.


Make sure that the repository is a subdirectory of an empty directory! For example, if you are installing it into /var/lib/cvs, put the repository in /var/lib/cvs/root (or whatever you want for the last directory). This is because we create a chroot jail for the Pserver!

After you have planned where you want to put your repository, made the necessary partitions, if desired, and run the following command (we assume that it will be at /cvs/root):

$ cvs -d /cvs/root init

That will initialize your repository and set up the necessary CVSROOT files.

3.2. Setting up the jail

Now that we have the CVSROOT set up, we need to copy the appropriate libraries and files for cvsd, which runs the Pserver in the chroot jail.

3.2.1. Transferring the necessary files


If you installed cvsd from a package management system like RPM, this may already be done for you. If that is the case, skip ahead to the next step.

Change your directory to /cvs (or whatever the directory before your root is) and enter the following commands:

$ cvsd-buildroot /cvs
$ mkdir -p var/lock
$ adduser cvsd
$ addgroup cvsd

Thankfully, cvsd comes with the script cvsd-buildroot, so we don't have to do all the necessary copying by hand. However, you should edit the /cvs/etc/passwd file, and remove the entry for "root," as it's unneeded.

3.2.2. Configuring cvsd

The defaults in /etc/cvsd/cvsd.conf are okay, but can be less than desirable. Make sure that RootJail is set to wherever the chroot jail you built is, and the repository is the directory where the repository is relative to the chroot jail. Set maxconnections to whatever you desire, and make sure that Uid and Gid are set to cvsd. If you are lacking an already-built cvsd.conf file, here is mine:

Example 1. My cvsd.conf

Uid cvsd
Gid cvsd
PidFile /var/run/cvsd.pid
RootJail /cvs
MaxConnections 10
Nice 1
Listen * 2401
Repos /root
Limit coredumpsize 0

3.3. Adding anonymous access

It's back to configuring CVS, but don't worry, we are almost there! We have to edit a couple of necessary files to allow for anonymous access. First, making sure you aren't in the CVS directory, check out the CVSROOT module:

# cvs -d /cvs/root checkout CVSROOT

Now edit the file READERS. Create it if it isn't there, and add a line that reads "anonymous".


You NEED to have an extra line at the end of the file!

The file READERS is a list of users who have read-only access to the CVS repository. People with write access are listed in the file WRITERS. Read the cvs manual [1] for more information on these files.

Now commit the repository with the command below. We assume that your current working directory is CVSROOT. If it isn't, forget the cd step.

# cd ../
# cvs -d /cvs/root commit

You should now get a message that says something like Re-building administrative files, which means that it was successful.

One last step and we're all done! Run the following command, and when prompted for a password, just press ENTER:

# cvsd-passwd /cvs/root anonymous

Congratulations! You now have secure, anonymous CVS Pserver access to the repository!

3.4. Not quite done yet! Changing lock file locations

There is one small feature here that is really beyond the scope of this Mini-HOWTO but is worth noting nonetheless. It is the ability to change the directory where the Pserver will place lock files.

Normally the Pserver will place lock files in the same directory as the files that you are trying to check out, but this can cause permissions mayhem. Step back to when we built the chroot jail for cvsd; we also created the directory var/lock. This is where we will place the lockfiles instead.

So use the following example, replacing /cvs with wherever your chroot environment is, and var with wherever the locks are going to be placed. Mine are placed in var/lock, and there is nothing else under var, so a chown -R is safe. Also, replace the cvsd user and group ids with the user and group ids that cvsd runs as.

# cd /cvs
# chown -R cvsd:cvsd var
# chmod -R 775 var
# cd
# cvs -d /cvs/root checkout CVSROOT

Now we want to edit the file config. Change lock dir to the directory you want the locks to be placed, in our case /var/lock.


Note that this applies to the Pserver AS WELL AS THE NON-CHROOT SSH LOGIN METHOD! Ensure that this directory is not only in existence, but that you can write to it as well, relative to your root directory. This is why I have chosen /var/lock, because it satisfies those conditions.

Now commit the changes:

# cd ../
# cvs -d /cvs/root commit

And that's it!



info cvs, if you have the stand-alone info viewer installed on your system

The Linux Tutorial completely respects the rights of authors and artists to decide for themselves if and how their works can be used, independent of any existing licenses. This means if you are the author of any document presented on this site and do no wish it to be displayed as it is on this site or do not wish it to be displayed at all, please contact us and we will do our very best to accommodate you. If we are unable to accommodate you, we will, at your request, remove your document as quickly as possible.

If you are the author of any document presented on this site and would like a share of the advertising revenue, please contact us using the standard Feedback Form.




Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can get all the latest Site and Linux news by checking out our news page.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.08 Seconds