CVS: moonbase/devel/cvsd DETAILS,NONE,1.1 POST_INSTALL,NONE,1.1

Auke Kok sofar at lunar-linux.org
Sun Nov 2 16:37:05 GMT 2003


Update of /var/cvs/lunar/moonbase/devel/cvsd
In directory dbguin.lunar-linux.org:/tmp/cvs-serv1438/cvsd

Added Files:
	DETAILS POST_INSTALL 
Log Message:
And no, I don't have it working yet. IT"S A BITCH.


--- NEW FILE: DETAILS ---
          MODULE=cvsd
         VERSION=1.0.0
          SOURCE=$MODULE-$VERSION.tar.gz
      SOURCE_URL=http://tiefighter.et.tudelft.nl/~arthur/$MODULE/$SOURCE
      SOURCE_VFY=md5:46749a47ab335b52c647b8f75e53a795
SOURCE_DIRECTORY=$BUILD_DIRECTORY/$MODULE-$VERSION
        WEB_SITE=http://tiefighter.et.tudelft.nl/~arthur/$MODULE/
         ENTERED=20031102
         UPDATED=20031102
           SHORT="A cvs pserver chroot wrapper."
cat << EOF
cvsd is a wrapper program for cvs in pserver mode. It will run 'cvs pserver' under a special uid/gid in a chroot jail.
cvsd is run as a daemon and is controlled through a configuration file. It is relatively easy to configure and tools are provided for setting up a rootjail.

This server can be useful if you want to run a public cvs pserver. You should however be aware of the security limitations of running a cvs pserver. If you want any kind of authentication you should really consider using secure shell as a secure authentication mechanism and transport. Passwords used in cvs pserver are transmitted in plaintext and this wrapper won't change that.

This server adds a layer of security to cvs. cvs is a very powerful tool and is capable of running scripts and other things. By running cvs in a rootjail it is possible to limit the amount of "damage" cvs can do if it is exploited. It is generally a good idea to run cvsd without any write permissions to any directory on the system.
EOF

--- NEW FILE: POST_INSTALL ---
add_priv_user cvsd:cvsd

message ""
message "run 'cvsd-buildroot /var/lib/cvsd' to setup the chroot, then add"
message "your repositories somehow into the chroot jail"
message "more info: http://www.tldp.org/HOWTO/Secure-CVS-Pserver/setuptools.html"




More information about the Lunar-commits mailing list