LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-28-2005, 04:29 PM   #1
bschiett
Member
 
Registered: Feb 2005
Posts: 32

Rep: Reputation: 15
is pserver (CVS) insecure?


hi,

I'm trying to set up a CVS server on my arch linux machine. two problems:

1. I can't figure out how to make the server start at boot time ... it seems there is an xinetd.d directory on my system but I can't find an xinetd.pid file so xinetd is probably not running.. so how to I make CVS pserver start at boot time on arch linux?

2. i read somewhere that pserver is insecure. how do I set up CVS or some other version control system that works securely and reliably over the internet?

thanks in advance!
bert
 
Old 03-28-2005, 09:42 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
(1) Did you install an init script for your CVS server? If not, probably the easiest thing to do is add a line starting it to /etc/rc.d/rc.local (assuming Arch puts the rc.local file in the same place Slack does).

(2) Running any service opens you up to security problems. The best you can do is keep up to date on security patches, monitor your logs, and make sure you haven't made any configuration errors (e.g. system directories accessible or even worse changeable via CVS) that would allow an attacker easy access. There have been some issues with CVS lately, so be sure you're running an up to date version with the latest patches.
 
Old 03-29-2005, 02:10 AM   #3
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 52
you run cvs as a service throu xinetd if you intend to run pserver for anonymous read only access
read only is of course secure

for this you will need to start xinetd on boot or whenever
don't know about arch linux but you know
/etc/rc.d/init.d/xinetd start
is what would do it here
you need to have in xinetd config
Code:
service cvspserver
     {
          port        = 2401
          socket_type = stream
          protocol    = tcp
          wait        = no
          user        = root
          passenv     = PATH
          server      = /usr/bin/cvs
          server_args = -f --allow-root=/srv/cvsroot pserver
     }
if you don't need universal read only but just want the real members of the group in there then there is no need to offer the pserver (or server) service at all

give evryone an account on the machine then
just have everyone logon to the server using ssh like this (adjust as needed) you know the commands - this just checks out a project called cvstest
Code:
export CVS_RSH=/usr/bin/ssh &&
cvs -d:ext:[servername]:/srv/cvsroot co cvstest
 
Old 03-29-2005, 04:52 AM   #4
bschiett
Member
 
Registered: Feb 2005
Posts: 32

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by foo_bar_foo
you run cvs as a service throu xinetd if you intend to run pserver for anonymous read only access
read only is of course secure

for this you will need to start xinetd on boot or whenever
don't know about arch linux but you know
/etc/rc.d/init.d/xinetd start
is what would do it here
you need to have in xinetd config
Code:
service cvspserver
     {
          port        = 2401
          socket_type = stream
          protocol    = tcp
          wait        = no
          user        = root
          passenv     = PATH
          server      = /usr/bin/cvs
          server_args = -f --allow-root=/srv/cvsroot pserver
     }
if you don't need universal read only but just want the real members of the group in there then there is no need to offer the pserver (or server) service at all

give evryone an account on the machine then
just have everyone logon to the server using ssh like this (adjust as needed) you know the commands - this just checks out a project called cvstest
Code:
export CVS_RSH=/usr/bin/ssh &&
cvs -d:ext:[servername]:/srv/cvsroot co cvstest

so if I understand correctly, if my linux system is private and I am the only one checking code in/out from various platforms (win, linux, mac osx) with the goal of developing cross platform, there is no reason to start CVS at boot time and no reason at all to run pserver? I can just use CVS over ssh like you mention above? in that case, CVS does not open another port on the system and I can remove the 2401 port line from /etc/services, or does it still need to be there?

thanks!
bert
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Running CVS Server on Fedora Core 4 with pserver as "cvs" user rupak Fedora 2 09-17-2005 03:06 PM
Running CVS Server with pserver as "cvs" user on Fedora Core 4 rupak Linux - Software 2 09-17-2005 01:10 PM
installing cvs pserver harisankar Fedora 1 07-25-2004 01:49 PM
CVS modules can be checked out locally, but not over pserver..what has to be changed? CaptainRandom Programming 2 06-23-2004 09:03 AM
CVS PSERVER setup woe - Fedora Core 2 paulecoyote Linux - Software 0 06-03-2004 02:28 PM


All times are GMT -5. The time now is 07:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration