Tutorial pour la mise en oeuvre d'un serveur CVS
Login as "root":
(1) Get xinetd package installed
(2) Get cvs package installed
(3) Create a group CVS
(4) Create a user cvsroot and assign it to CVS group, the home directory for user cvsroot should now be at /home/cvsroot.
(5) $gedit /etc/services
and look for "cvspserver". There should be 2 lines like:
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp # CVS client/server operations
If there are no such lines, add them into /etc/services.
(6) In /etc/xinet.d/, look for file "cvs", if there is no such file, create it.
Edit the file /etc/xinet.d/cvs and make it look like:
# default: off
# description: The CVS service can record the history of your source \
# files. CVS stores all the versions of a file in a single \
# file in a clever way that only stores the differences \
# between versions.
service cvspserver
{
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/cvs
server_args = -f --allow-root=/home/cvsroot pserver
}
(7) $/etc/init.d/xinetd restart
(8) In "System"->"Administration"->"Security Level and Firewall", add firewall exception of port "2401" corresponding to "cvspserver" service, and also remember to "Modify SELinux policy"->"SELinux Service Protection"->"Disable ELinux Service Protection for cvs".
This step is proved to be very important!
Login as "cvsroot":
(9) $cvs -d /home/cvsroot init
(10) $cd /home/cvsroot
(11) $chmod 771 CVSROOT
CVSROOT is a directory automatically generated under /home/cvsroot.
At this time, all local real system users can log into CVS server with their own passwords.
If you want to disable local real system users' login, you can do by:
(12) $ chmod 644 /home/cvsroot/CVSROOT/config
$ vi $CVSROOT/CVSROOT/config
Here you need to uncomment the line where #SystemAuth = yes. And set SystemAuth = no.
Then now your system users cannot use CVS service with their own system passwords, except you assign them manually in file /home/cvsroot/CVSROOT/passwd.
(13) To control user access in CVS, there are three files in /home/cvsroot/CVSROOT/, respectively named passwd, readers, writers. The file readers and writers are not there by default, so you have to create them manually.
In file "passwd", ithere stores the shadow files for username and password, following the rule:
{cvs usrname}:[encrypted pwd]:[equivalent system usrname]
where the second field is encrypted with crypt(3), just like in /etc/shadow.
The thrid field equivalent system usrname means the corresponding system priviledge the cvs usrname has.
In file "readers", there stores the list of cvs usrnames of whom you want to enable to only have read acess.
Similarly, in file "writers", there stores the list of cvs usrnames of whom you want to enable to only have read acess.
Now, let us suppose we have CVS users "henry", "betty", "anonymous". And we don't want to give them system access, which means the corresponding system priviledge the cvs usrnames have are all null. So, we need to create an equivalent system user, which names "cvspub", who has no system priviledge at all.
$ useradd -g CVS -M -s /sbin/nologin cvspub
Then edit file "passwd", make it like:
henry:$fajkdpaieje:cvspub
betty:fjkal;ffjieinfn/:cvspub
anonymous::cvspub
Now suppose we want to let henry has write acess while betty and anonymous only have read acess.
Then edit file "readers", make it like:
betty
anonymous
And edit file "writers", make it like:
henry
Then it is all finished.
(14) Test login:
$export CVSROOT=:pserver:henry@the_server_name:/home/cvsroot
$ cvs login
(System will ask for password for henry)
Passwd:xxxxxxxx
There should be no error when you have successfully login to the CVS server.
Problem:
cvs [login aborted]: unrecognized auth response from brachial.umn.edu: cvs pserver: cannot open /home/cvsroot/CVSROOT/config: Permission denied
Solution:
In "System"->"Administration"->"Security Level and Firewall", add firewall exception of port "2401" corresponding to "cvspserver" service, and also remember to "Modify SELinux policy"->"SELinux Service Protection"->"Disable ELinux Service Protection for cvs".
This step is proved to be very important!
Problem:
cvs import: cannot open /root/.cvsignore: Permission denied
Solution:
Add "-f" to the arguments for cvs in /etc/xinet.d/cvs:
server_args = -f --allow-root=/home/cvsroot pserver