This section will describe how to set up, administer and secure a CVS server.
A CVS server will be set up using OpenSSH as the remote access method. Other access methods, including :pserver: and :server: will not be used for write access to the CVS repository. The :pserver: method sends clear text passwords over the network and the :server: method is not supported in all CVS ports. Instructions for anonymous, read only CVS access using :pserver: can be found at the end of this section.
Configuration of the CVS server consists of four steps:
Create a new CVS repository with the following commands:
mkdir /srv/cvsroot && chmod 1777 /srv/cvsroot && export CVSROOT=/srv/cvsroot && cvs init
Import a source module into the repository with the following commands, issued from a user account on the same machine as the CVS repository:
cd<sourcedir>
&& cvs import -m "<repository test>
"<cvstest>
<vendortag>
<releasetag>
Test access to the CVS repository from the same user account with the following command:
cvs co cvstest
Test access to the CVS repository from a remote machine using a user account that has ssh access to the CVS server with the following commands:
Replace <servername>
with the IP
address or host name of the CVS repository machine. You will be
prompted for the user's shell account password before CVS
checkout can continue.
export CVS_RSH=/usr/bin/ssh &&
cvs -d:ext:<servername>
:/srv/cvsroot co cvstest
CVS can be set up to allow anonymous read only access using the
:pserver: method by logging on as root
and executing the following commands:
(grep anonymous /etc/passwd || useradd anonymous -s /bin/false -u 98) && echo anonymous: > /srv/cvsroot/CVSROOT/passwd && echo anonymous > /srv/cvsroot/CVSROOT/readers
If you use inetd, the
following command will add the CVS
entry to /etc/inetd.conf
:
echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \ --allow-root=/srv/cvsroot pserver" >> /etc/inetd.conf
Issue a killall -HUP
inetd to reread the changed inetd.conf
file.
If you use xinetd,
the following command will create the CVS file as /etc/xinetd.d/cvspserver
:
cat >> /etc/xinetd.d/cvspserver << "EOF"
# Begin /etc/xinetd.d/cvspserver
service cvspserver
{
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/cvs
server_args = -f --allow-root=/srv/cvsroot pserver
}
# End /etc/xinetd.d/cvspserver
EOF
Issue a /etc/rc.d/init.d/xinetd
reload to reread the changed xinetd.conf
file.
Testing anonymous access to the new repository requires an account on another machine that can reach the CVS server via network. No account on the CVS repository is needed. To test anonymous access to the CVS repository, log in to another machine as an unprivileged user and execute the following command:
cvs -d:pserver:anonymous@<servername>
:/srv/cvsroot co cvstest
Replace <servername>
with the IP
address or hostname of the CVS server.
mkdir /srv/cvsroot: Create the CVS repository directory.
chmod 1777
/srv/cvsroot: Set sticky bit permissions for
CVSROOT
.
export
CVSROOT=/srv/cvsroot: Specify new CVSROOT
for all cvs commands.
cvs init: Initialize the new CVS repository.
cvs import -m "repository test"
cvstest vendortag releasetag: All source code
modules must be imported into the CVS repository before use, with
the cvs import
command. The -m
flags specifies an
initial descriptive entry for the new module. The cvstest
parameter is the name used for the module
in all subsequent cvs
commands. The vendortag
and
releasetag
parameters are used to
further identify each CVS module and are mandatory whether used or
not.
(grep anonymous /etc/passwd ||
useradd anonymous -s /bin/false -u 98): Check for
an existing anonymous
user and
create one if not found.
echo anonymous: >
/srv/cvsroot/CVSROOT/passwd: Add the anonymous
user to the CVS passwd file, which is
unused for anything else in this configuration.
echo anonymous >
/srv/cvsroot/CVSROOT/readers: Add the anonymous
user to the CVS readers file, a list
of users who have read only access to the repository.
Last updated on 2007-04-04 14:42:53 -0500