From owner-freebsd-hubs Sun Feb 3 21:56:23 2002
Delivered-To: freebsd-hubs@freebsd.org
Received: from christel.heitec.net (christel.heitec.net [193.101.232.3])
    by hub.freebsd.org (Postfix) with ESMTP id 4573437B41A
    for ; Sun, 3 Feb 2002 21:56:20 -0800 (PST)
Received: from heitec.net (paladin.heitec.net [193.101.232.30])
    by christel.heitec.net (Postfix) with ESMTP id 995F3B8208;
    Mon, 4 Feb 2002 06:56:18 +0100 (CET)
Date: Mon, 04 Feb 2002 06:56:18 +0100
From: Bernd Luevelsmeyer
Reply-To: adminmail@heitec.net
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: hubs@FreeBSD.org
Cc: adminmail@heitec.net
Subject: Re: FTP mirror; anonymous CVS
References: <20020130043616.BD197B8206@christel.heitec.net>
    <20020130131414.I81625@atrbg11.informatik.tu-muenchen.de>
    <20020201044900.3B8C9B8101@christel.heitec.net>
    <20020201100953.A90046@atrbg11.informatik.tu-muenchen.de>
    <20020201130459.74650B8101@christel.heitec.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20020204055618.995F3B8208@christel.heitec.net>
Sender: owner-freebsd-hubs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Bernd Luevelsmeyer wrote:
> I'm trying to chroot it into the CVSROOT directory.

I got it chrooted, but I won't install it that way.

To have a chrooted cvs, you need to have a statically linked cvs
binary and put it into the $CVSROOT. You also need /dev/null and a
temporary directory there, and a /etc/spwd.db containing the users
cvs will be running as (only nobody in my case). I don't want to
clutter the repository with all that, lest cvsup might export it to
its clients. It's bad enough to have 'readers' and 'passwd' in
$CVSROOT/CVSROOT already.

(I still find it's an attractive idea though.)

Just for your information, if you *do* want a chrooted cvs, you can
have it along these lines:

    # create kernel with portalfs
    mkdir /p
    mount_portalfs /etc/portal.conf /p

    cd $CVSROOT
    cp $cvs_static .
    mkdir dev
    # mknod takes the node name first, then type, major, minor
    mknod dev/null c 2 2 ; chmod 666 dev/null
    mkdir etc
    cat >etc/master.passwd
    # users go here
    # (can have password '*', no home and no shell)
    pwd_mkdb -d etc etc/master.passwd
    mkdir tmp
    chmod 1777 tmp

    while true
    do
        cd $CVSROOT
        chroot . /cvs_static -R -l -f -T /tmp --allow-root=/ \
            pserver <> /p/tcplisten/ANY/2401 >&0
    done

The while loop should, of course, be started in a
/usr/local/etc/rc.d script.

You can make the cvs binary suid some_user if only some_user will be
using cvs; otherwise, cvs must be started as root.

If you don't want a portalfs, you can start a script with the cd and
chroot lines in inetd.conf.

Greetings,
B. Luevelsmeyer
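
The inetd.conf variant mentioned at the end of the mail, as an added
example that is not part of the original message: a wrapper that
verifies the jail prerequisites listed above before it runs chroot.
The names check_cvs_jail and serve, the wrapper path and the
repository path are assumptions; cvs_static and the cvs flags are the
ones from the mail.

```sh
#!/bin/sh
# Added example: preflight check + inetd wrapper for the chrooted pserver.
# check_cvs_jail and serve are hypothetical names, not part of cvs.

# Print one line per missing prerequisite; return non-zero if any.
check_cvs_jail() {
    jail=$1
    bad=0
    # cvs binary copied into the repository root (it must be static;
    # this only checks that it is present and executable)
    if [ ! -f "$jail/cvs_static" ] || [ ! -x "$jail/cvs_static" ]; then
        echo "cvs_static missing or not executable"; bad=1
    fi
    # a real device node, not a symlink that would dangle inside the jail
    if [ ! -c "$jail/dev/null" ] || [ -L "$jail/dev/null" ]; then
        echo "dev/null is not a character device"; bad=1
    fi
    # password database built by: pwd_mkdb -d etc etc/master.passwd
    if [ ! -s "$jail/etc/spwd.db" ]; then
        echo "etc/spwd.db missing or empty"; bad=1
    fi
    # temp directory created with chmod 1777
    case $(ls -ld "$jail/tmp" 2>/dev/null) in
        drwxrwxrwt*) ;;
        *) echo "tmp is not a mode-1777 directory"; bad=1 ;;
    esac
    return $bad
}

# Run by inetd: the descriptors are already the client socket, so the
# check output is discarded here; run check_cvs_jail by hand to read it.
serve() {
    check_cvs_jail "$1" >/dev/null || exit 1
    cd "$1" || exit 1
    exec chroot . /cvs_static -R -l -f -T /tmp --allow-root=/ pserver
}

# inetd.conf entry (one line; both paths are assumptions):
# cvspserver stream tcp nowait root /usr/local/sbin/cvs-jail cvs-jail serve /path/to/cvsroot
if [ "${1:-}" = "serve" ]; then serve "$2"; fi
```

Run as root from inetd, the wrapper refuses to start cvs when any
piece of the jail is missing instead of failing inside the chroot.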