DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Mon Mar 03, 2003 3:04 am Post subject: problem with CVS server ! |
|
|
I have set a cvs server, this server works, I have it in my /var/log/cvspserver and if I scan my own machine, I can see : Code: | Port State Service
2401/tcp open cvspserver |
I can make a cvs login without any errors, but when I try to import, I get a problem with setuid...
Code: | charli@gentoo:/mnt/test$ cvs login
Logging in to :pserver:x-foot@duf.cvsserve.com:2401/home/Arch
CVS password:
lun mar 03 03:48
charli@gentoo:/mnt/test$ cvs import x-foot vendor_tag version_tag
setuid failed: Operation not permitted
lun mar 03 03:48
|
When I try in local mode I get : Code: | charli@gentoo:/mnt/test$ cvs co Arch
cvs checkout: Updating Arch
cvs checkout: failed to create lock directory for `/home/Arch/x-foot' (/home/Arch/x-foot/#cvs.lock): Permission denied
cvs checkout: failed to obtain dir lock in repository `/home/Arch/x-foot'
cvs [checkout aborted]: read lock failed - giving up
lun mar 03 04:01
|
I have set the rights by : chown -R x-foot:cvs /home/Arch
It's the first time that I try to set a cvs server, and I really need it.....
So if someone has an idea to set a correct setuid and solve this issue... |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Tue Mar 04, 2003 1:54 am Post subject: |
|
|
So, After changes in my /etc/xinetd.d/cvspserver =>
to
It works.
But by default, the file Code: | /etc/xinetd.d/cvspserver | has :
Code: | user = cvs
group = cvs |
So is it possible to launch the cvspserver as cvs or do I need to launch it as root ?
And another question, I try to chroot the repository by using xinetd, but I get an error, I tried in the /etc/xinetd.d/cvspserver file :
Code: | service cvspserver
{
disable = no
socket_type = stream
wait = no
user = root
group = cvs
log_type = FILE /var/log/cvspserver
protocol = tcp
env = '$HOME=/home/cvs/CVSROOT'
log_on_failure += USERID
port = 2401
server = /usr/bin/chroot
server_args = /usr/bin/cvs -f --allow-root=/home/cvs pserver
}
|
But with this I get : Code: | cvs [login aborted]: unrecognized auth response from duf.cvsserve.com: chroot: cannot change root directory to /usr/bin/cvs: Not a directory |
If someone has an idea !
Last edited by DuF on Tue Mar 04, 2003 2:31 am; edited 1 time in total |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Tue Mar 04, 2003 2:31 am Post subject: |
|
|
If I modify the chroot options in the /etc/xinetd.d/cvspserver like this : Code: | server = /usr/bin/chroot
server_args = /home cvs -f --allow-root=cvs pserver
|
I got : Code: | cvs [login aborted]: unrecognized auth response from duf.cvsserve.com: chroot: cvs: No such file or directory |
I have just tested this option, but I think that I'm stupid because maybe with the "--allow-root=/home/cvs" there is no need to chroot cvs.....
Could someone tell me if I'm stupid or not ? |
|
|
|
vericgar Retired Dev
Joined: 13 Dec 2002 Posts: 79 Location: Spokane, WA
|
Posted: Tue Mar 04, 2003 7:23 am Post subject: |
|
|
Quote: |
cvs checkout: failed to create lock directory for `/home/Arch/x-foot' (/home/Arch/x-foot/#cvs.lock): Permission denied |
Make sure the user cvs can write to the directory /home/Arch/x-foot. _________________ +~+ Sometimes a good ole loving kick is all it needs +~+ |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Tue Mar 04, 2003 2:18 pm Post subject: |
|
|
Yes, the user cvs can write to the directory, because he's the owner and the rights are good !
But I have changed the owner of /usr/bin/cvs and now I can launch the cvspserver as cvs user !
But before the rights on /usr/bin/cvs were => r-xr-xr-x, so normally, even if the owner was root, with the right r-x for other, normally cvs can launch it....
But now it works with the user cvs as owner of /usr/bin/cvs ! |
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Thu Mar 13, 2003 9:00 am Post subject: |
|
|
A bit off topic, but duf how did you manage to get where you are now? Is there an ebuild that sets up the xinet.d file or did you set that up manually?
Josh. _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Thu Mar 13, 2003 12:45 pm Post subject: |
|
|
So now my server CVS works very fine.
When I emerge xinetd, I got a file cvspserver in /etc/xinetd.d/cvspserver. Just need to edit it and to set disable = no, so when you (re)start xinetd, cvspserver will be launched.
But the configuration of the cvs server needs to be set manually, it's not really difficult, but it's very different from other servers (like proftpd, apache...) !
If you need some information, maybe I can help you. |
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Thu Mar 13, 2003 8:29 pm Post subject: |
|
|
Hmm, I emerged xinetd, and the only files I got in my /etc/xinet.d directory were..
Code: | chatgris xinetd.d # ls
README.services chargen-tcp chargen-udp cups-lpd daytime-tcp daytime-udp echo-tcp echo-udp time-tcp time-udp |
I do have cvs installed, I use it daily.. and I tried emerge -s cvs but I didn't see anything like cvspserver to install.
What did you do to get your file there?
Josh. _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
|
Posted: Thu Mar 13, 2003 9:15 pm Post subject: cvs and xinetd |
|
|
Unfortunately you have to create it manually. Hmm maybe we should submit a patch with a nice cvspserver file for /etc/xinet.d/ that will be installed but set to disable.
kashani _________________ Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Thu Mar 13, 2003 10:13 pm Post subject: |
|
|
I'm a little confused by some of the fields in this file...
Code: | service cvspserver
{
disable = no
socket_type = stream
wait = no
user = root
group = cvs
log_type = FILE /var/log/cvspserver
protocol = tcp
env = '$HOME=/home/cvs/CVSROOT'
log_on_failure += USERID
port = 2401
server = /usr/bin/chroot
server_args = /usr/bin/cvs -f --allow-root=/home/cvs pserver
}
|
log_on_failure.. what does that do exactly??? It seems like it's incrementing the USERID..
server.. I don't understand what's happening there but I'm guessing I'll be able to leave it as is?
josh. _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Fri Mar 14, 2003 3:51 am Post subject: |
|
|
LOG_ON_FAILURE simply defines what cvspserver (or xinetd) should log when the connection was refused or not established. And the USERID means that the information about the remote user who tries to connect will be logged.
With LOG_ON_FAILURE you can use USERID or ATTEMPT or RECORD.
[UPDATE]So you can look my /etc/xinetd.d/cvspserver file as example in my first post, I've just changed : Code: |
user =cvs
server = /usr/bin/cvs
server_args = -f --allow-root=/home/cvs pserver
|
NB : Sometimes not very good in english, if you don't understand me, I will reformulate
Last edited by DuF on Fri Mar 14, 2003 11:29 am; edited 1 time in total |
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Fri Mar 14, 2003 6:29 am Post subject: |
|
|
I'm having trouble connecting to the cvs server..
What command did you run to get this information
Port State Service
2401/tcp open cvspserver
Josh. _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Fri Mar 14, 2003 11:35 am Post subject: |
|
|
I'm using nmap to scan my own machine and see if the cvs server is waiting for connections on the 2401 tcp port. Verify that in your /etc/xinetd.conf you modified the "only_from" to allow external connections. |
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Sun Mar 16, 2003 11:18 pm Post subject: |
|
|
I used nmap to scan my machine and I got the following..
Code: | Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1596 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
80/tcp open http
1024/tcp open kdm
5432/tcp open postgres
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds |
my /etc/xinetd.conf file is as follows
Code: | # Sample configuration file for xinetd
defaults
{
only_from = 0.0.0.0
instances = 60
log_type = SYSLOG authpriv info
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
|
and I have the file cvspserver in /etc/xinetd.d which has the following information.
Code: | service cvspserver {
disable = no
socket_type = stream
wait = no
user = chatgris
group = wheel
log_type = FILE /var/log/cvspserver
protocol = tcp
env = '$HOME=/home/chatgris/.cvsroot'
log_on_failure += USERID
port = 2401
server = /usr/bin/cvs
server_args = -f --allow-root=/home/cvs pserver
}
|
What am I doing wrong? _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Mon Mar 17, 2003 12:46 am Post subject: |
|
|
maybe try to delete only_from in the xinetd.conf, this is my /etc/xinetd.conf :
Code: | localdomain root # cat /etc/xinetd.conf
# Sample configuration file for xinetd
defaults
{
instances = 60
log_type = SYSLOG authpriv info
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
|
|
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Mon Mar 17, 2003 12:57 am Post subject: |
|
|
I figured out the problem by looking in the logs (I should do that more often)
The problem was that I had
Code: | service cvspserver {
...
}
|
instead of
Code: | service cvspserver
{
...
}
|
Man that's pretty strict syntax.
Josh. _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Mon Mar 17, 2003 2:36 pm Post subject: |
|
|
yeah, pretty strict syntax, I didn't know that it was strict like that, thanks for the tips ! |
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Wed Mar 19, 2003 11:18 am Post subject: |
|
|
CVS HATES ME!!!!
chatgris@chatgris lost_password $ cvs -d :pserver:chatgris@chatgris.no-ip.com:/home/chatgris/.cvsroot login
Logging in to :pserver:chatgris@chatgris.no-ip.com:2401/home/chatgris/.cvsroot
CVS password:
cvs login: authorization failed: server chatgris.no-ip.com rejected access to /home/chatgris/.cvsroot for user chatgris
The user chatgris is the account that I currently have the cvsroot in.. and I can access the cvs when I am logged in as user chatgris.
My cvspserver file is as follows.. Any ideas?
Code: | service cvspserver
{
disable = no
socket_type = stream
wait = no
user = chatgris
group = wheel
log_type = FILE /var/log/cvspserver
protocol = tcp
env = '$HOME=/home/chatgris/.cvsroot/CVSROOT'
log_on_failure += USERID
port = 2401
server = /usr/bin/cvs
server_args = -f --allow-root=/home/chatgris/.cvsroot pserver
} |
Josh. _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
doubt n00b
Joined: 19 Mar 2003 Posts: 7 Location: Missouri
|
Posted: Thu Mar 20, 2003 12:17 am Post subject: |
|
|
DuF,
I'd rethink your xinetd configuration if I were you. Maybe it's just me but I wouldn't want my pserver to run as user root! You might want to change the user/group for the service to run as cvs:cvs, and reflect the permissions on your cvsroot directory. Just a thought.
Regards. |
|
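The points raised so far in the thread (the `{` that has to sit on its own line, the pserver started as root, and `chroot` being handed the cvs binary as its first argument) can be checked mechanically before restarting xinetd. The following is an added example, not code from any poster; the function names and the sample text are constructed for illustration, and the brace rule is taken from chatgris's finding above.

```python
import re

# Constructed sample: two service blocks modelled on configs posted in this thread.
SAMPLE = """\
service cvspserver {
    user        = chatgris
    server      = /usr/bin/cvs
    server_args = -f --allow-root=/home/cvs pserver
}
service cvspserver
{
    user        = root
    server      = /usr/bin/chroot
    server_args = /usr/bin/cvs -f --allow-root=/home/cvs pserver
}
"""

def check_block(attrs, line_no):
    """Checks applied when a service block closes (hypothetical helper)."""
    out = []
    if attrs.get("user") == "root":
        out.append((line_no, "service runs as root"))
    args = attrs.get("server_args", "").split()
    if attrs.get("server", "").endswith("/chroot"):
        # chroot expects NEWROOT first, then the command to run inside it.
        if len(args) < 2 or args[1].startswith("-"):
            out.append((line_no, "chroot: first arg must be NEWROOT dir, then command"))
    return out

def lint_xinetd(text):
    """Return a list of (line_number, message) findings for a service file."""
    findings, attrs = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"service\s+\S+\s*\{", line):
            findings.append((no, "'{' must be on its own line"))
            attrs = {}
        elif line == "{":
            attrs = {}
        elif line == "}" and attrs is not None:
            findings += check_block(attrs, no)
            attrs = None
        elif attrs is not None and "=" in line:
            key, value = line.split("=", 1)
            attrs[key.strip().rstrip("+-").strip()] = value.strip()
    return findings

print("\n".join(f"line {n}: {m}" for n, m in lint_xinetd(SAMPLE)))
```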
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Thu Mar 20, 2003 2:25 am Post subject: |
|
|
doubt wrote: | I'd rethink your xinetd configuration if I were you..... |
Just look at my fourth post here :
DuF wrote: | ....But I have changed the owner of /usr/bin/cvs and now I can launch the cvspserver as cvs user !
But before the rights on /usr/bin/cvs were => r-xr-xr-x, so normally, even if the owner was root, with the right r-x for other, normally cvs can launch it.... |
I have already done this, I run my cvspserver with cvs:cvs, but I didn't understand why with the following rights Code: | r-xr-xr-x /usr/bin/cvs | I wasn't able to execute cvs as another user than root and why I needed to change the owner of /usr/bin/cvs.... |
|
|
|
DuF Advocate
Joined: 09 Dec 2002 Posts: 2687 Location: Paris
|
Posted: Thu Mar 20, 2003 2:27 am Post subject: |
|
|
chatgris wrote: | CVS HATES ME!!!!
chatgris@chatgris lost_password $ cvs -d :pserver:chatgris@chatgris.no-ip.com:/home/chatgris/.cvsroot login
Logging in to :pserver:chatgris@chatgris.no-ip.com:2401/home/chatgris/.cvsroot
CVS password:
cvs login: authorization failed: server chatgris.no-ip.com rejected access to /home/chatgris/.cvsroot for user chatgris
..........
Josh. |
Have you created the passwd file with the name of users that can connect to your cvspserver, in your case chatgris, in /home/chatgris/.cvsroot/CVSROOT ? |
|
|
|
chatgris Guru
Joined: 14 Oct 2002 Posts: 383 Location: Canada
|
Posted: Thu Mar 20, 2003 4:07 am Post subject: |
|
|
Could you tell me where you read that I need to do that? I did just now on your advice put a file there.
Code: |
chatgris@chatgris CVSROOT $ pwd
/home/chatgris/.cvsroot/CVSROOT
chatgris@chatgris CVSROOT $ cat passwd
chatgris
|
But it doesn't seem to work and I can't find any documentation on it.
Josh. _________________ Open your mind. Open your source.
Due credit for avatar from http://www.aikida.net |
|
|
|
Nuwen Tux's lil' helper
Joined: 20 Mar 2003 Posts: 123
|
Posted: Thu Mar 20, 2003 9:51 pm Post subject: |
|
|
There's information about the passwd file in the info pages, but it is a bit hidden. What you probably want in this case is:
This tells CVS user chatgris can log in with no password, and maps it to the cvs user account. You can also add a password pretty easily if you installed apache, just use
Code: | htpasswd -b -d CVSROOT/passwd <username> <password> |
and add :cvs to the end of the line it generates.
If you don't have that last part, CVS will try to change to some other user when you start it, which is why you had trouble running the pserver as user cvs. |
|
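To see which entries of a CVSROOT/passwd file would leave a non-root pserver needing to switch user (the "setuid failed" symptom from the first post), or allow login without a password, the file can be audited line by line. This is an added example, not code from the thread; it assumes the `user:password:system-user` layout described in the post above, a pserver started as `cvs`, and a constructed sample file whose hash value is a placeholder.

```python
# Constructed sample CVSROOT/passwd content; "xxHASHxxHASHx" is a placeholder,
# not a real crypt(3) hash.
SAMPLE = """\
chatgris
anonymous::cvs
alice:xxHASHxxHASHx:cvs
bob:xxHASHxxHASHx
carol:xxHASHxxHASHx:root
"""

def audit_passwd(text, server_user="cvs"):
    """Return {username: [findings]} for a CVSROOT/passwd file.

    server_user is the account xinetd starts the pserver as (assumed "cvs").
    """
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        name, notes = fields[0], []
        if len(fields) == 1:
            notes.append("no ':' separators, not in user:password:system-user form")
        else:
            if fields[1] == "":
                notes.append("empty password field")
            # Without a third field the entry maps to the system user of the same name.
            sysuser = fields[2] if len(fields) > 2 and fields[2] else name
            if sysuser == "root":
                notes.append("maps to root")
            elif sysuser != server_user:
                notes.append(f"runs as '{sysuser}': server must switch user, "
                             "which fails unless the pserver is started as root")
        report[name] = notes
    return report

for user, notes in audit_passwd(SAMPLE).items():
    print(user, "->", "; ".join(notes) or "ok")
```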
|
|
thegiorgio n00b
Joined: 16 Apr 2003 Posts: 11
|
Posted: Tue Apr 22, 2003 8:22 am Post subject: Generate encrypted password |
|
|
You can use this perl script that I call crypt to generate an encrypted password:
Code: |
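#!/usr/bin/perl
# Print the crypt(3) hash of the password given as the first argument.
srand (time());
# Expression for a random letter: offset 0-25 added to 65 ('A') or 97 ('a').
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
# Two-character salt; each eval draws a fresh random letter.
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt ($plaintext, $salt);
print "${crypttext}\n";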
|
For example:
"crypt abcd" will return a valid encrypted form for abcd.
"crypt" will return the encrypted form for an empty password.
Hope that helps! _________________ --
Giorgio |
|
|
|
RexSum n00b
Joined: 11 Dec 2002 Posts: 19 Location: netherlands
|
Posted: Sat Jul 19, 2003 11:18 pm Post subject: CVS |
|
|
maybe a bit off topic, but still in the same field, i created the user/group cvs and they own a dir /home/cvsroot. i initialised cvs and everything. after i issue a cvs login and try to import a dir i get an error saying system user cvs does not exist. however it does exist. i used the cvs:cvs mapping in the CVSROOT/passwd file. in my system passwd file i have this
cvs:x:1007:408::/home/cvsroot:/bin/false
and this in /etc/group
cvs:x:408:users,fritz,beimin
here's the exact error
->bash-2.05b$ cvs import cut2 yadda yad
->Fatal error, aborting.
->cvs : no such system user
thanx |
|
|
|
|