Nethence Documentation Lab Webmail Your IP BBDock  


Those documents are obsolete, please use the Nethence Documentation instead.

HomeUnixWindowsOracleObsoleteHardwareDIYMechanicsScriptsConfigsPrivate

CVS server configuration with RHEL
 
Requirements
The ‘cvs’ package contains both, the server and the client. On RHEL5,
rpm -q cvs cvs-inetd xinetd
on RHEL6 (the xinetd configuration file for cvs is included in the main package),
rpm -q cvs xinetd
 
Initializing the CVS repository
Initialize the repository and set a GUID on it.
cd /data/
cvs -d /data/cvsroot/ init
groupadd cvs
chown -R root:cvs cvsroot/
chmod -R g+srw cvsroot/
ls -al cvsroot/
cd /
ln -s data/cvsroot
Note. Absolute path is required for the cvs init command (otherwise it tries to resolve).
 
System authentication
Add the CVS users to the 'cvs' group,
cd /etc/
vi group
Note. If you are using the SSH daemon AllowGroups configuration feature, then you should also add your CVS users to that SSH group.
 
The pserver method
This method permits you to modify the source without authenticating each time through SSH. Also, it permits you to enable anonymous and read-only access to the repository quite simply. Those features are also realisable with SSH but it's not so straightforward (SSH without a password and supposedly a custom shell).
 
The cvs service needs to be defined,
grep 2401 /etc/services
 
Enable the service with xinetd,
cd /etc/xinetd.d/
cp cvs cvs.dist
vi cvs
change,
disable = no 
env = HOME=/cvsroot 
server_args = -f --allow-root=/cvsroot pserver
and add,
log_on_success += USERID DURATION
log_on_failure += HOST USERID
Note. if you want xinetd to log to some file instead of syslog,
#log_type = FILE /var/log/cvs.log
 
Apply,
service xinetd restart
chkconfig xinetd on
netstat -an --inet --inet6 | grep 2401
 
To enable anonymous and read-only access to the CVS repository,
useradd -M -s /sbin/nologin anoncvs
cd /cvsroot/CVSROOT/
ls -l passwd readers
echo 'anoncvs:' >> passwd
echo 'anoncvs' > readers
Note. 'CVSROOT/config' defaults to '#SystemAuth=yes' which allows you to stay in sync and be compatible with the SSH method.
 
Virtual users (pserver only) also called “CVS based authentication” 
But if you want to enable CVS based authentication,
cd /tmp/
cvs co CVSROOT
cd CVSROOT/
vi config
add,
SystemAuth=no
apply,
cvs commit
Ref. http://www.yuonlamp.com/setup_cvsserver.html
 
Create cvs user and group,
groupadd cvs
useradd -s /sbin/nologin -g cvs -M -d /cvsroot cvs
 
Add those parameters to the xinetd configuration,
cd /etc/xinetd.d/
vi cvs
add/change,
user = cvs
group = cvs
 
Edit the virtual users with htpasswd,
cd /cvsroot/CVSROOT/
htpasswd -c passwd YOU_USERNAME
then fix the 'passwd' file to conform to the standard (see below). Or with crypt.pl,
cd ~/
mkdir -p bin/
cd bin/
wget http://pbraun.nethence.com/code/security/crypt.pl
chmod +x crypt.pl
./crypt.pl YOUR_PASSWORD
then copy/paste the hash into the 'passwd' file which need to look like this:
VIRTUAL_USERNAME:PASSWORD_HASH:cvs
Note. last field corresponds to the UNIX user, which is 'cvs' on RHEL for CVS bases authentication
Note. UNIX users will be rejected, even if you add them to the cvs group to access /cvsroot/ folder.
 
Fix the file permissions,
chown -R cvs:cvs /cvsroot/
chown cvs:cvs /cvsroot/CVSROOT/passwd
chown cvs:cvs /cvsroot/CVSROOT/readers
chmod 400 /cvsroot/CVSROOT/passwd
chmod 400 /cvsroot/CVSROOT/readers
 
Eventually restart the service,
service xinetd restart
 
The SSH method (system authentication only)
No need to enable the cvs service within xinetd, everything goes through SSH to proceed locally. But you can keep xinetd/cvs enabled to provide both usages.
 
Server troubleshooting
If you still get this error while trying to connect to the CVS service (pserver mode),
2401 failed: Connection refused
==> make sure you enabled the cvs service with xinetd (disable=no).
 
References
CVS Configuration on RedHat Linux 6.0
HOW-TO Install and Configure a CVS Repository Server
Setting Up A CVS Project
CVS is out, Subversion is in
Starting a project with CVS
http://www.mail-archive.com/info-cvs@nongnu.org/msg00831.html
http://www.debian-administration.org/articles/72
http://www.debian-administration.org/articles/186
 
Other references
http://www.linuxfromscratch.org/blfs/view/6.3/server/cvsserver.html
http://www.linuxfromscratch.org/blfs/view/svn/server/cvsserver.html
http://cvsbook.red-bean.com/cvsbook.html#The_Password-Authenticating_Server
http://tldp.org/HOWTO/Secure-CVS-Pserver/setuptools.html
http://www.faqs.org/docs/Linux-mini/Secure-CVS-Pserver.html
http://arthurdejong.org/cvsd/faq.html#secure
 

Last update: Mar 22, 2013