How to set up a cvs server
June 17th, 2005On more than one occasion I've needed to set up a cvs password server on a linux machine. To save myself some time in the future, I've decided to document the procedure I used when setting it up on my linux server running Fedora core 3. The instructions should work on any RedHat distribution.
Please note that this article describes how to set up a CVS server accessed via the pserver protocol. This protocol is insecure, as it transfers passwords in plain text. A more secure approach is to access CVS via SSH with public key authorization, but that method is not described here.
-
Check to see if cvs installed.
$ rpm -q cvs
If you see "package cvs not installed" you will need to install cvs before proceeding. Otherwise you should see something similar to "cvs-1.11.17-1".
-
Login in as root.
-
Create a user (and group) called cvs.
# groupadd cvs # useradd -m -g cvs -d /var/cvs cvs
This will create a user called cvs with a default group called cvs and whose home directory is /var/cvs.
-
Login as the cvs user. Since we haven't set a password for the cvs user, just su to cvs from root.
# su - cvs
-
Create a repository In this example we will create a repository called "test".
$ cvs -d /var/cvs/test init
-
Login in as root again.
-
Create tcp service for the cvs pserver. Edit the /etc/services file and add the following line if it does not already exists:
cvspserver 2401/tcp #CVS PServer
This identifies the port the CVS server will use. In most Linux/Unix installations, this is already defined.
-
Create a xinetd entry for the service. Create a file called cvspserver in the /etc/xinetd.d directory. Put the following into the file:
service cvspserver { socket_type = stream protocol = tcp wait = no user = cvs group = cvs groups = yes server = /usr/bin/cvs server_args = --allow-root=/var/cvs/test pserver disable = no }If you created multiple repositories, add an additional
--allow-root=repository_pathargument for each repository. -
Restart xinetd so the changes become active.
# /etc/rc.d/init.d/xinetd restart
-
Login as the cvs user.
# su - cvs
-
Create a utility to generate cvs passwords. Use the following perl script to generate cvs passwords.
#!/usr/bin/perl srand (time()); my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))"; my $salt = sprintf ("%c%c", eval $randletter, eval $randletter); my $plaintext = shift; my $crypttext = crypt ($plaintext, $salt); print "\n"; -
Create a text file called passwd in /var/cvs/test/CVSROOT/. Using the perl script above to encrypt passwords, add users to the passwd file using the format "userid:encrypted-password:cvs". For example:
username1:DX1LqsUDyQqR2:cvs username2:mMddw5aVbLBg.:cvs
The cvs users defined here do not need to have unix accounts. If they do have unix accounts, the passwords defined here should not (for security reasons) be the same as their unix passwords.
-
Set restrictive permissions on the password file.
$ chmod 400 /var/cvs/test/CVSROOT/passwd
-
Try logging into the repository.
$ cvs -d ":pserver:username1@localhost:/var/cvs/test" login
When prompted, enter the username1's password. If there were no error messages, then you successfuly created a cvs server and a repository!