Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
Message-Id: | <002101c1a97b$77885720$ce113e9b@LSIL.COM> |
From: | "Phil Dempster" <dempster AT lsil DOT com> |
To: | <cygwin AT cygwin DOT com> |
Cc: | "Geoff Soutter" <gsoutter AT molten DOT com DOT au>, |
"'Charles Wilson'" <cwilson AT ece DOT gatech DOT edu> | |
Subject: | ntsec+inetd+cvspserver (was CVS PServer problem) |
Date: | Wed, 30 Jan 2002 10:46:48 -0000 |
Hi folks,

I've managed to get CVS pserver running on Win2K (ntsec) and am in the process of preparing some documentation for it. I'm trying to grasp just how the user ID switching works when CVS is spawned from inetd. I've found that it is not necessary to specify the user as `root' in inetd.conf; for example, `Guest' will suffice.

    #/etc/inetd.conf
    cvspserver stream tcp nowait Guest /usr/bin/cvs cvs -f --allow-root=/usr/local/cvsroot pserver

I'd hoped that would make it a lot harder for anyone with malicious intent to gain access via pserver. However, I'm not convinced that isn't a bogus assumption. Does anything spawned from inetd run as the same uid as inetd itself (i.e. System)?

I also have CVS users set up to use the Guest account (passwords in the example below are `sandwich' and `scratchings' respectively - I was hungry when I set it up):

    #/usr/local/cvsroot/CVSROOT/passwd
    bacon:KcFlgmzfPVIV.:Guest
    pork:JdSFwtTuy8Uk.:Guest

One of the recommended ways of setting up CVS pserver is, I believe, to have `cvs' and `cvsadmin' user accounts on the server PC, with normal multi-user access using the (lower permission) `cvs' account. I've effectively done this by having the administrative files owned by `Administrator' and the rest of the repository owned by `Guest'. However, it seems to be possible to check out CVSROOT and commit changes to the administrative files (their ownership is then set to Guest). This seems like unhealthy behaviour.

As a separate issue, although remote CVS pserver operations work correctly, I get the message `cvs commit: reading from xx.xx.xx.xx: Connection reset by peer'. I'm wondering if this is related to the issue described here: http://www.cvshome.org/cyclic/cvs/dev-sigpipe.txt.

Suggestions or constructive comments welcome.

Cheers,
Phil
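Added example, not part of the original post: a short Python check that reads the two files quoted in the message and reports which system account each pserver login maps to. The function names and the placeholder hash fields are made up for the example; the one CVS behaviour it assumes is that a passwd entry with no third field maps to a system account of the same name as the login.

```python
# Added example. Sample text is constructed from the post; hash fields are placeholders.
INETD_CONF = """\
cvspserver stream tcp nowait Guest /usr/bin/cvs cvs -f --allow-root=/usr/local/cvsroot pserver
"""
PASSWD = """\
bacon:HASH-PLACEHOLDER-1:Guest
pork:HASH-PLACEHOLDER-2:Guest
"""

def parse_inetd(text, service="cvspserver"):
    """Return (run_as_user, allowed_roots) for the service line, or None."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] != service:
            continue  # blank, comment, other service, or malformed entry
        roots = [a.split("=", 1)[1] for a in fields[6:] if a.startswith("--allow-root=")]
        return fields[4], roots
    return None

def parse_passwd(text):
    """Map each CVS login to (has_password, system_account); no third field means the login name."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        has_pw = len(parts) > 1 and parts[1] != ""
        account = parts[2] if len(parts) > 2 and parts[2] else parts[0]
        users[parts[0]] = (has_pw, account)
    return users

def audit(inetd_text, passwd_text):
    entry = parse_inetd(inetd_text)
    if entry is None:
        return ["no cvspserver entry found"]
    run_as, roots = entry
    findings = [] if roots else ["pserver entry has no --allow-root argument"]
    by_account = {}
    for login, (has_pw, account) in parse_passwd(passwd_text).items():
        by_account.setdefault(account, []).append(login)
        if not has_pw:
            findings.append(f"{login}: empty password field")
    for account, logins in sorted(by_account.items()):
        if len(logins) > 1:
            findings.append(f"{account}: shared by {', '.join(sorted(logins))}")
        if account == run_as:
            findings.append(f"{account}: same account as the inetd entry")
    return findings
```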