Running a CVS server

Running a CVS server

This section will describe how to set up, administer and secure a CVS server.

Setting up a CVS server.

We will discuss setting up a CVS server using OpenSSH as the remote access method. Other access methods, including :pserver: and :server: will not be used for write access to the CVS repository. The :pserver: method sends clear text passwords over the network and the :server: method is not supported in all CVS ports. Instructions for anonymous, read only CVS access using :pserver: can be found at the end of this section.

Configuration of our CVS server consists of four steps:

1. Create a repository.

Create a new CVS repository with the following commands, logged in as root:

mkdir /cvsroot &&
chmod 1777 /cvsroot &&
export CVSROOT=/cvsroot &&
cvs init

2. Import source code into the repository.

Import a source module into the repository with the following commands, issued from a user account on the same machine as the CVS repository:

export CVSROOT=/cvsroot &&
cd sourcedir &&
cvs import -m "repository test" cvstest vendortag releasetag

3. Verify local repository access.

Test access to the CVS repository from the same user account with the following command:

cvs co cvstest

4. Verify remote repository access.

Test access to the CVS repository from a remote machine using a user account that has ssh access to the CVS server with the following commands:

Note: Replace [servername] with the IP address or host name of the CVS repository machine. You will be prompted for the user's shell account password before CVS checkout can continue.

export CVS_RSH=/usr/bin/ssh &&
cvs -d:ext:[servername]:/cvsroot co cvstest

Configuring CVS for anonymous read only access.

CVS can be set up to allow anonymous read only access using the :pserver: method by logging on as root and executing the following commands:

(grep anonymous /etc/passwd || useradd anonymous -s /bin/false) &&
echo anonymous: > /cvsroot/CVSROOT/passwd &&
echo anonymous > /cvsroot/CVSROOT/readers

If you use inetd, the following command will add the pserver entry to /etc/inetd.conf:

echo "2401  stream  tcp  nowait  root  /usr/bin/cvs cvs -f \
        --allow-root=/cvsroot pserver" >> /etc/inetd.conf

Issue a killall -HUP inetd to reread the changed inetd.conf file.

If you use xinetd, the following command will add the pserver entry to /etc/xinetd.conf:

cat >> /etc/xinetd.conf << "EOF"
     service cvspserver
     {
          port        = 2401
          socket_type = stream
          protocol    = tcp
          wait        = no
          user        = root
          passenv     = PATH
          server      = /usr/bin/cvs
         server_args = -f --allow-root=/cvsroot pserver
     }
EOF

Issue a killall -HUP xinetd to reread the changed xinetd.conf file.

Testing anonymous access to the new repository requires an account on another machine that can reach the CVS server via network. No account on the CVS repository is needed. To test anonymous access to the CVS repository log in to another machine as an unprivileged user and execute the following command:

cvs -d:pserver:anonymous@[servername]:/cvsroot co cvstest

Note: Replace [servername] with the IP address or hostname of the CVS server

Command explanations

mkdir /cvsroot: Create the CVS repository directory.

chmod 1777 /cvsroot: Sticky bit permissions for CVSROOT.

export CVSROOT=/cvsroot: Specify new CVSROOT for all cvs commands.

cvs init: Initialize the new CVS repository.

cvs import -m "repository test" cvstest vendortag releasetag: All source code modules must be imported into the CVS repository before use, with the cvs import command. the -m flags specifies an initial descriptive entry for the new module. the "cvstest" parameter is the name used for the module in all subsequent cvs commands. the "vendortag" and "releasetag" parameters are used to further identify each CVS module and are mandatory whether used or not.

(grep anonymous /etc/passwd || useradd anonymous -s /bin/false): Check for an existing anonymous user and create one if not found.

echo anonymous: > /cvsroot/CVSROOT/passwd : Add the anonymous user to the CVS passwd file, which is unused for anything else in this configuration.

echo anonymous > /cvsroot/CVSROOT/readers: Add the anonymous user to the CVS readers file, a list of users who have read only access to the repository.