This section will describe how to set up, administer and secure a CVS server.
We will discuss setting up a CVS server using OpenSSH as the remote access method. Other access methods, including :pserver: and :server:, will not be used for write access to the CVS repository. The :pserver: method sends clear text passwords over the network, and the :server: method is not supported in all CVS ports. Instructions for anonymous, read-only CVS access using :pserver: can be found at the end of this section.
Configuration of our CVS server consists of four steps:
Create a new CVS repository with the following commands, logged in as root:
mkdir /cvsroot &&
chmod 1777 /cvsroot &&
export CVSROOT=/cvsroot &&
cvs init
Import a source module into the repository with the following commands, issued from a user account on the same machine as the CVS repository:
export CVSROOT=/cvsroot &&
cd sourcedir &&
cvs import -m "repository test" cvstest vendortag releasetag
Test access to the CVS repository from the same user account with the following command:
cvs co cvstest
Test access to the CVS repository from a remote machine using a user account that has ssh access to the CVS server with the following commands:
Replace [servername] with the IP address or host name of the CVS repository machine. You will be prompted for the user's shell account password before CVS checkout can continue.
export CVS_RSH=/usr/bin/ssh &&
cvs -d:ext:[servername]:/cvsroot co cvstest
CVS can be set up to allow anonymous read-only access using the :pserver: method by logging on as root and executing the following commands:
(grep anonymous /etc/passwd || useradd anonymous -s /bin/false) &&
echo anonymous: > /cvsroot/CVSROOT/passwd &&
echo anonymous > /cvsroot/CVSROOT/readers
If you use inetd, the following command will add the pserver entry to /etc/inetd.conf:
echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \
--allow-root=/cvsroot pserver" >> /etc/inetd.conf
Issue a killall -HUP inetd to reread the changed inetd.conf file.
If you use xinetd, the following command will add the pserver entry to /etc/xinetd.conf:
cat >> /etc/xinetd.conf << "EOF"
     service cvspserver
     {
          port        = 2401
          socket_type = stream
          protocol    = tcp
          wait        = no
          user        = root
          passenv     = PATH
          server      = /usr/bin/cvs
          server_args = -f --allow-root=/cvsroot pserver
     }
EOF
Issue a /etc/rc.d/init.d/xinetd reload to reread the changed xinetd.conf file.
Testing anonymous access to the new repository requires an account on another machine that can reach the CVS server over the network. No account on the CVS repository is needed. To test anonymous access to the CVS repository, log in to another machine as an unprivileged user and execute the following command:
cvs -d:pserver:anonymous@[servername]:/cvsroot co cvstest
Replace [servername] with the IP address or hostname of the CVS server.
mkdir /cvsroot: Create the CVS repository directory.
chmod 1777 /cvsroot: Make the repository directory (CVSROOT) world-writable with the sticky bit set.
export CVSROOT=/cvsroot: Specify new CVSROOT for all cvs commands.
cvs init: Initialize the new CVS repository.
cvs import -m "repository test" cvstest vendortag releasetag: All source code modules must be imported into the CVS repository before use, with the cvs import command. The -m flag specifies an initial descriptive entry for the new module. The "cvstest" parameter is the name used for the module in all subsequent cvs commands. The "vendortag" and "releasetag" parameters are used to further identify each CVS module and are mandatory whether used or not.
(grep anonymous /etc/passwd || useradd anonymous -s /bin/false): Check for an existing anonymous user and create one if not found.
echo anonymous: > /cvsroot/CVSROOT/passwd: Add the anonymous user to the CVS passwd file, which is not used for anything else in this configuration.
echo anonymous > /cvsroot/CVSROOT/readers: Add the anonymous user to the CVS readers file, a list of users who have read-only access to the repository.
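The anonymous setup above is read-only only as long as every account in CVSROOT/passwd is also listed in CVSROOT/readers. The shell function below is an added example, not part of the original instructions: it lists pserver accounts that would still get write access, following the CVS rule that a readers entry always means read-only and that an existing writers file limits writes to its members. The account name builder and the temporary repository are constructed sample data.

```shell
#!/bin/sh
# Added example: print each pserver account (from CVSROOT/passwd) that is
# NOT restricted to read-only access. Usage: pserver_writable_accounts /cvsroot
pserver_writable_accounts() {
    admin="$1/CVSROOT"
    # No passwd file means there are no pserver-only accounts to check.
    [ -f "$admin/passwd" ] || return 0
    # The account name is the first colon-separated field of each line.
    cut -d: -f1 "$admin/passwd" | while IFS= read -r user; do
        [ -n "$user" ] || continue
        # Listed in readers: read-only, regardless of the writers file.
        if [ -f "$admin/readers" ] && grep -qxF -- "$user" "$admin/readers"; then
            continue
        fi
        # writers exists and does not list the account: also read-only.
        if [ -f "$admin/writers" ] && ! grep -qxF -- "$user" "$admin/writers"; then
            continue
        fi
        printf '%s\n' "$user"
    done
}

# Constructed sample: the layout this page creates, plus one hypothetical
# account ("builder") added to passwd but forgotten in readers.
demo_root=$(mktemp -d)
mkdir "$demo_root/CVSROOT"
printf 'anonymous:\nbuilder:\n' > "$demo_root/CVSROOT/passwd"
echo anonymous > "$demo_root/CVSROOT/readers"
pserver_writable_accounts "$demo_root"    # prints: builder
rm -rf "$demo_root"
```

Run it against the real repository as `pserver_writable_accounts /cvsroot`; empty output means every pserver account is read-only.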