From owner-freebsd-questions@FreeBSD.ORG Tue Sep 14 19:06:41 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0BB3716A4CE for ; Tue, 14 Sep 2004 19:06:41 +0000 (GMT) Received: from smtp.istop.com (dci.doncaster.on.ca [66.11.168.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9DB9A43D1F for ; Tue, 14 Sep 2004 19:06:40 +0000 (GMT) (envelope-from login@istop.com) Received: from istop.com (ns.istop.com [66.11.168.199]) by smtp.istop.com (Postfix) with SMTP id D4EC717C0FE; Tue, 14 Sep 2004 15:06:37 -0400 (EDT) Date: Tue, 14 Sep 2004 15:06:37 -0400 (EDT) To: From: X-Mailer: TWIG 2.7.6 In-Reply-To: <1094898458.2225.21.camel@localhost> X-Remote-IP: 67.69.27.58 Message-Id: <20040914190637.D4EC717C0FE@smtp.istop.com> Subject: Re: Validating virtual cvs users X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 19:06:41 -0000 Good afternoon! Something unique .... trying to describe the best I can. Please reply back if it is not clear or need additional details/info. Environment ( On cvs server side): # uname -a FreeBSD host.domain.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com :/usr/obj/usr/src/sys/GENERIC i386 # cvsd -V cvsd 1.0.0 Written by Chris Black, Philippe Kehl and Arthur de Jong. ... # ps auxw | grep cvsd cvsd 541 0.0 0.0 1300 704 ?? INs 2Sep04 0:00.06 /usr/local/sbin/cvsd -f /usr/local/etc/cvsd/cvsd.conf # id cvsd uid=1010(cvsd) gid=1010(cvsd) groups=1010(cvsd) # id john id: john: no such user I have setup cvs server and working as expected with one problem as described down. The cvs remote user authentication is based on $CVSROOT/CVSROOT/passwd file located on cvs server. The format of the passwd file is john:tkdUrXsqy9r5A:cvsd Here john is virtual user to cvs server and his password is encrypted using crypt.pl script and cvsd is a user with cvsd group on the cvs server which is running cvsd process. So all the repositories are chowned to cvsd:cvsd with 775 permissions. I guess 755 may be needed only. The problem is that in the past, we used to validate the remote "cvs login" user against a local account on the cvs server and all accounts who are member of that group (for example cvsd) can do "cvs checkout" and "cvs commit" successfully. Prior to "cvs commit", we were calling a script/watchdog called "commitcheck" which was validating a "cvs login" user against a system's local account on the cvs server. Now since john is not a user account physically on the cvs server system in my current situation, I have problem validating him since the cvsd is actual who is writing to repositories. Yes, the logs are still have john in the headers indicating him initiate "cvs commint" to distinguish him from other cvs users. How do I validate this virtual user so that he can "cvs commit" successfully. When I stick "john" in the "commitcheck" script, he is being rejected since "cvsd" is a user who can write to repositories via cvsd process. Anyone has done such type of validation before. I am sure there is out one. I wish, I have a small email. Thank you! S. Mohammad [ login@istop.com ]