# problem with CVS server !

## DuF

I have set up a cvs server, this server works, I have it in my /var/log/cvspserver and if I scan my own machine, I can see:

```
Port       State       Service
2401/tcp   open        cvspserver
```

I can make a cvs login without any errors, but when I try to import, I get a problem with setuid...

```
charli@gentoo:/mnt/test$ cvs login
Logging in to :pserver:x-foot@duf.cvsserve.com:2401/home/Arch
CVS password: 
lun mar 03 03:48 
charli@gentoo:/mnt/test$ cvs import x-foot vendor_tag version_tag
setuid failed: Operation not permitted
lun mar 03 03:48 
```

When I try in local mode I get : 

```
charli@gentoo:/mnt/test$ cvs co Arch
cvs checkout: Updating Arch
cvs checkout: failed to create lock directory for `/home/Arch/x-foot' (/home/Arch/x-foot/#cvs.lock): Permission denied
cvs checkout: failed to obtain dir lock in repository `/home/Arch/x-foot'
cvs [checkout aborted]: read lock failed - giving up
lun mar 03 04:01 
```

I have set the rights by : chown -R x-foot:cvs /home/Arch

It's the first time that I try to set a cvs server, and I really need it..... 

So if someone has an idea how to set a correct setuid and solve this issue...

----------

## DuF

So, after changing this in my /etc/xinetd.d/cvspserver =>

```
user = cvs
```

to

```
user = root
```

It works.

But by default, the file

```
/etc/xinetd.d/cvspserver
```

has:

```
user = cvs
group = cvs
```

So is it possible to launch the cvspserver as cvs, or do I need to launch it as root?

And another question: I tried to chroot the repository by using xinetd, but I get an error. I tried this in the /etc/xinetd.d/cvspserver file:

```
service cvspserver
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        group           = cvs
        log_type        = FILE /var/log/cvspserver
        protocol        = tcp
        env             = '$HOME=/home/cvs/CVSROOT'
        log_on_failure  += USERID
        port            = 2401
        server          = /usr/bin/chroot
        server_args     = /usr/bin/cvs -f --allow-root=/home/cvs pserver
}
```

But with this I get : 

```
cvs [login aborted]: unrecognized auth response from duf.cvsserve.com: chroot: cannot change root directory to /usr/bin/cvs: Not a directory
```

If someone has an idea!

Last edited by DuF on Tue Mar 04, 2003 2:31 am; edited 1 time in total

----------

## DuF

If I modify the chroot options in /etc/xinetd.d/cvspserver like this:

```
        server          = /usr/bin/chroot
        server_args     =  /home cvs -f --allow-root=cvs pserver
```

I got : 

```
cvs [login aborted]: unrecognized auth response from duf.cvsserve.com: chroot: cvs: No such file or directory
```

I have just tested this option, but I think that I'm stupid, because maybe with the "--allow-root=/home/cvs" there is no need to chroot cvs.....

Could someone tell me if I'm stupid or not  :Laughing:  ?

----------

## vericgar

*Quote:*

> cvs checkout: failed to create lock directory for `/home/Arch/x-foot' (/home/Arch/x-foot/#cvs.lock): Permission denied

Make sure the user cvs can write to the directory /home/Arch/x-foot.

----------

## DuF

Yes, the user cvs can write to the directory, because he's the owner and the rights are good!

But I have changed the owner of /usr/bin/cvs and now I can launch the cvspserver as the cvs user!

But before, the rights on /usr/bin/cvs were => r-xr-xr-x, so normally, even if the owner was root, with r-x for others, cvs could launch it....

But now it works with the user cvs as owner of /usr/bin/cvs!

----------

## chatgris

A bit off topic, but duf how did you manage to get where you are now?  Is there an ebuild that sets up the xinet.d file or did you set that up manually?

Josh.

----------

## DuF

So now my server CVS works very fine.

When I emerge xinetd, I got a file cvspserver in /etc/xinetd.d/cvspserver. You just need to edit it and set disable = no, so when you (re)start xinetd, cvspserver will be launched.

But the configuration of the cvs server needs to be set manually; it's not really difficult, but it's very different from other servers (like proftpd, apache...)!

If you need some information, maybe I can help you.

----------

## chatgris

Hmm, I emerged xinetd, and the only files I got in my /etc/xinet.d directory were..

```
chatgris xinetd.d # ls
README.services  chargen-tcp  chargen-udp  cups-lpd  daytime-tcp  daytime-udp  echo-tcp  echo-udp  time-tcp  time-udp
```

I do have cvs installed, I use it daily..  and I tried emerge -s cvs but I didn't see anything like cvspserver to install.

What did you do to get your file there?

Josh.

----------

## kashani

Unfortunately you have to create it manually. Hmm maybe we should submit a patch with a nice cvspserver file for /etc/xinet.d/ that will be installed but set to disable.

kashani

----------

## chatgris

I'm a little confused by some of the fields in this file...

```
service cvspserver
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        group           = cvs
        log_type        = FILE /var/log/cvspserver
        protocol        = tcp
        env             = '$HOME=/home/cvs/CVSROOT'
        log_on_failure  += USERID
        port            = 2401
        server          = /usr/bin/chroot
        server_args     = /usr/bin/cvs -f --allow-root=/home/cvs pserver
}
```

log_on_failure.. what does that do exactly???  it seems like it's incrementing the USERID..

server..  I don't understand what's happening there but I'm guessing I'll be able to leave it as is?

josh.

----------

## DuF

LOG_ON_FAILURE simply defines what cvspserver (or xinetd) should journalize when the connection was refused or not established. And USERID means that it is the information about the remote user who tries to connect which will be logged.

With LOG_ON_FAILURE you can use USERID or ATTEMPT or RECORD.

[UPDATE] So you can look at my /etc/xinetd.d/cvspserver file as an example in my first post, I've just changed:

```
        user            = cvs
        server          = /usr/bin/cvs
        server_args     = -f --allow-root=/home/cvs pserver
```

NB: Sometimes I'm not very good in English, if you don't understand me, I will reformulate  :Wink:

Last edited by DuF on Fri Mar 14, 2003 11:29 am; edited 1 time in total

----------

## chatgris

I'm having trouble connecting to the cvs server.. 

What command did you run to get this information?

```
Port       State       Service
2401/tcp   open        cvspserver
```

Josh.

----------

## DuF

I'm using nmap to scan my own machine and see if the cvs server is waiting for connections on the 2401 tcp port. Verify whether in your /etc/xinetd.conf you modified the "only_from" to allow external connections.

----------

## chatgris

I used nmap to scan my machine and I got the following..

```
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1596 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
80/tcp     open        http
1024/tcp   open        kdm
5432/tcp   open        postgres
6000/tcp   open        X11

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
```

my /etc/xinetd.conf file is as follows

```
# Sample configuration file for xinetd

defaults
{
        only_from      = 0.0.0.0
        instances      = 60
        log_type       = SYSLOG authpriv info
        log_on_success = HOST PID
        log_on_failure = HOST
        cps            = 25 30
}

includedir /etc/xinetd.d
```

and I have the file cvspserver in /etc/xinetd.d which has the following information.

```
service cvspserver {
        disable         = no
        socket_type     = stream
        wait            = no
        user            = chatgris
        group           = wheel
        log_type        = FILE /var/log/cvspserver
        protocol        = tcp
        env             = '$HOME=/home/chatgris/.cvsroot'
        log_on_failure  += USERID
        port            = 2401
        server          = /usr/bin/cvs
        server_args     = -f --allow-root=/home/cvs pserver
}
```

What am I doing wrong?

----------

## DuF

maybe try to delete only_from in the xinetd.conf, this is my /etc/xinetd.conf :

```
localdomain root # cat /etc/xinetd.conf
# Sample configuration file for xinetd

defaults
{
        instances      = 60
        log_type       = SYSLOG authpriv info
        log_on_success = HOST PID
        log_on_failure = HOST
        cps            = 25 30
}

includedir /etc/xinetd.d
```

----------

## chatgris

I figured out the problem by looking in the logs (I should do that more often  :Smile:   )

The problem was that I had

```
service cvspserver {
   ...
}
```

instead of

```
service cvspserver
{
   ...
}
```

Man that's pretty strict syntax.

Josh.

----------

## DuF

yeah, pretty strict syntax, I didn't know that it was strict like that, thanks for the tips !

----------

## chatgris

CVS HATES ME!!!!   :Crying or Very sad: 

```
chatgris@chatgris lost_password $ cvs -d :pserver:chatgris@chatgris.no-ip.com:/home/chatgris/.cvsroot login
Logging in to :pserver:chatgris@chatgris.no-ip.com:2401/home/chatgris/.cvsroot
CVS password:
cvs login: authorization failed: server chatgris.no-ip.com rejected access to /home/chatgris/.cvsroot for user chatgris
```

The user chatgris is the account that I currently have the cvsroot in..  and I can access the cvs when I am logged in as user chatgris.

My cvspserver file is as follows..  Any ideas?

```
service cvspserver

{

   disable         = no

   socket_type     = stream

   wait            = no

   user            = chatgris

   group           = wheel

   log_type        = FILE /var/log/cvspserver

   protocol        = tcp

   env             = '$HOME=/home/chatgris/.cvsroot/CVSROOT'

   log_on_failure  += USERID

   port            = 2401

   server          = /usr/bin/cvs

   server_args     = -f --allow-root=/home/chatgris/.cvsroot pserver

}
```

Josh.

----------

## doubt

DuF,

  I'd rethink your xinetd configuration if I were you.  Maybe it's just me but I wouldn't want my pserver to run as user root!  You might want to change the user/group for the service to run as cvs:cvs, and reflect the permissions on your cvsroot directory.  Just a thought.

Regards.

----------
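
A lint for the three configuration mistakes raised in this thread (the brace on the `service` line, `user = root`, and `chroot` given a program instead of a directory), as an added example that is not from any poster. The function name, finding codes and sample file are constructed for illustration.

```python
import os
import re

def lint_xinetd_service(text, is_dir=os.path.isdir):
    """Return sorted (line_no, code) findings for one xinetd service file."""
    findings, attrs, state = [], {}, "outside"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if state == "outside":
            m = re.match(r"service\s+\S+\s*(.*)$", line)
            if m:
                # The thread found that "{" must sit alone on the next line.
                if m.group(1):
                    findings.append((no, "BRACE_ON_SERVICE_LINE"))
                state = "inside" if "{" in m.group(1) else "want_brace"
        elif state == "want_brace":
            if line == "{":
                state = "inside"
        elif line == "}":
            state = "outside"
        else:
            m = re.match(r"(\w+)\s*(?:\+=|-=|=)\s*(.*)$", line)
            if m:
                attrs[m.group(1)] = (no, m.group(2))
    if attrs.get("user", (0, ""))[1] == "root":
        findings.append((attrs["user"][0], "RUNS_AS_ROOT"))
    server_line, server = attrs.get("server", (0, ""))
    if os.path.basename(server) == "chroot":
        no, args = attrs.get("server_args", (server_line, ""))
        target = args.split()[0] if args.split() else ""
        # chroot takes the new root directory first, then the command to run.
        if not is_dir(target):
            findings.append((no, "CHROOT_TARGET_NOT_DIR"))
    return sorted(findings)

# Constructed sample combining the mistakes discussed in the thread.
BROKEN = """\
service cvspserver {
    disable     = no
    user        = root
    server      = /usr/bin/chroot
    server_args = /usr/bin/cvs -f --allow-root=/home/cvs pserver
}
"""

if __name__ == "__main__":
    # Directory check stubbed so the example runs without the real paths.
    print(lint_xinetd_service(BROKEN, is_dir=lambda p: p == "/home/cvs"))
```
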

## DuF

*doubt wrote:*

> I'd rethink your xinetd configuration if I were you.....

Just look at my fourth post here:

*DuF wrote:*

> ....But I have changed the owner of /usr/bin/cvs and now I can launch the cvspserver as the cvs user!
>
> But before, the rights on /usr/bin/cvs were => r-xr-xr-x, so normally, even if the owner was root, with r-x for others, cvs could launch it....

I have already done this, I run my cvspserver with cvs:cvs, but I didn't understand why with the following rights

```
r-xr-xr-x /usr/bin/cvs
```

I wasn't able to execute cvs as a user other than root, and why I needed to change the owner of /usr/bin/cvs....

----------

## DuF

 *chatgris wrote:*   

> CVS HATES ME!!!!  
> 
> chatgris@chatgris lost_password $ cvs -d :pserver:chatgris@chatgris.no-ip.com:/home/chatgris/.cvsroot login
> 
> Logging in to :pserver:chatgris@chatgris.no-ip.com:2401/home/chatgris/.cvsroot
> ...

 

Have you created the passwd file with the names of the users that can connect to your cvspserver, in your case chatgris, in /home/chatgris/.cvsroot/CVSROOT?

----------

## chatgris

Could you tell me where you read that I need to do that?  I did just now on your advice put a file there.

```
chatgris@chatgris CVSROOT $ pwd
/home/chatgris/.cvsroot/CVSROOT
chatgris@chatgris CVSROOT $ cat passwd
chatgris
```

But it doesn't seem to work and I can't find any documentation on it.

Josh.

----------

## Nuwen

There's information about the passwd file in the info pages, but it is a bit hidden.  What you probably want in this case is:

```
chatgris::cvs
```

This tells CVS user chatgris can log in with no password, and maps it to the cvs user account.  You can also add a password pretty easily if you installed apache, just use

```
htpasswd -b -d CVSROOT/passwd <username> <password>
```

and add :cvs to the end of the line it generates.

If you don't have that last part, CVS will try to change to some other user when you start it, which is why you had trouble running the pserver as user cvs.

----------
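
The CVSROOT/passwd format described above (`cvs_user:crypted_password:system_user`), checked against the account the pserver runs as; this is an added example, not from any poster. The function name, finding codes and sample entries are constructed, and the set of system accounts is passed in rather than read from /etc/passwd.

```python
# Added example: audit CVSROOT/passwd entries against the account the
# pserver runs as. Entry format: cvs_user:crypted_password:system_user

def audit_cvs_passwd(text, run_as, system_users):
    """Return (line_no, cvs_user, code) findings.

    run_as       -- the `user =` value from the xinetd service file
    system_users -- account names from /etc/passwd, passed in so this runs offline
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        cvs_user = fields[0]
        if len(fields) < 2:
            # A bare name has no password field, so it is not a usable entry.
            findings.append((no, cvs_user, "MALFORMED"))
            continue
        if fields[1] == "":
            findings.append((no, cvs_user, "EMPTY_PASSWORD"))
        # Without a third field CVS runs as the system user named like the CVS user.
        sys_user = fields[2] if len(fields) > 2 and fields[2] else cvs_user
        if sys_user not in system_users:
            findings.append((no, cvs_user, "NO_SUCH_SYSTEM_USER"))
        elif sys_user == "root":
            findings.append((no, cvs_user, "MAPS_TO_ROOT"))
        elif run_as != "root" and sys_user != run_as:
            # A non-root server cannot switch to another account ("setuid failed").
            findings.append((no, cvs_user, "SETUID_WILL_FAIL"))
    return findings

# Constructed sample; the password fields are placeholders, not real crypt() output.
SAMPLE_PASSWD = """\
chatgris
chatgris::cvs
alice:xxPLACEHOLDER00:cvs
bob:xxPLACEHOLDER00
carol:xxPLACEHOLDER00:build
dave:xxPLACEHOLDER00:root
"""
SAMPLE_SYSTEM_USERS = {"root", "cvs", "chatgris", "bob"}

if __name__ == "__main__":
    for finding in audit_cvs_passwd(SAMPLE_PASSWD, "cvs", SAMPLE_SYSTEM_USERS):
        print(finding)
```
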

## thegiorgio

You can use this perl script that I call crypt to generate an encrypted password:

```
#!/usr/bin/perl
use strict;
use warnings;

# Pick two random letters (A-Z or a-z) to use as the crypt() salt.
my @letters = ('A' .. 'Z', 'a' .. 'z');
my $salt = join '', map { $letters[ int rand @letters ] } 1 .. 2;

# The password is the first argument; no argument means an empty password.
# Note: an argument is visible in the process list and the shell history.
my $plaintext = shift(@ARGV) // '';
my $crypttext = crypt($plaintext, $salt);

print "$crypttext\n";
```

For example:

 "crypt abcd" will return a valid encrypted form for abcd.

"crypt" will return the encrypted form for an empty password.

Hope that helps!

----------

## RexSum

Maybe a bit off topic, but still in the same field: I created the user/group cvs and they own a dir /home/cvsroot. I initialised cvs and everything. After I issue a cvs login and try to import a dir I get an error saying system user cvs does not exist. However it does exist. I used the cvs:cvs mapping in the CVSROOT/passwd file. In my system passwd file I have this

```
cvs:x:1007:408::/home/cvsroot:/bin/false
```

and this in /etc/group

```
cvs:x:408:users,fritz,beimin
```

Here's the exact error

```
->bash-2.05b$ cvs import cut2 yadda yad
->Fatal error, aborting.
->cvs : no such system user
```

Thanks

----------

