Using CVS with the IDE

I’m trying to get the Momentics IDE to work with cvs. From a shell I can
login in, checkout stuff and logout so I beleive the server is set up
correctly.

In the IDE however, I can browse the repository (so it does connect but
when I try to checkout anything the IDE reports back:

:cvs server:cannot open /root/.cvsingnore:Permision denied
:cvs [server aborted]: can’t chdir[/root]:Permission denied

Anyone know what I’m doing wrong?

Carey

Carey L. Duran <cduran@harscotrack.com> wrote:
CLD > I’m trying to get the Momentics IDE to work with cvs. From a shell I can
CLD > login in, checkout stuff and logout so I beleive the server is set up
CLD > correctly.

CLD > In the IDE however, I can browse the repository (so it does connect but
CLD > when I try to checkout anything the IDE reports back:

CLD > :cvs server:cannot open /root/.cvsingnore:Permision denied
CLD > :cvs [server aborted]: can’t chdir[/root]:Permission denied

CLD > Anyone know what I’m doing wrong?

When cvs is run from inetd it is being run by the root user ID.
When CVS runs it checks, among other things, the .cvsignore file in the
home directory of the user who’s running it. But by this time cvs has
already changed it’s effective user ID to be that of the client. I.E.
it doesn’t have permission to look in root’s home directory for this
file.

Solution:

Put a .cvsignoe file somewhere where everyone can access it and create
a processor link to it. I.E.

touch /.cvsignore

chmod 664 /.cvsignore

ln -Ps /.cvsignore /root/.cvsignore

Bill Caroselli <qtps@earthlink.net> wrote:
BC > Carey L. Duran <cduran@harscotrack.com> wrote:
BC > CLD > I’m trying to get the Momentics IDE to work with cvs. From a shell I can
BC > CLD > login in, checkout stuff and logout so I beleive the server is set up
BC > CLD > correctly.

BC > CLD > In the IDE however, I can browse the repository (so it does connect but
BC > CLD > when I try to checkout anything the IDE reports back:

BC > CLD > :cvs server:cannot open /root/.cvsingnore:Permision denied
BC > CLD > :cvs [server aborted]: can’t chdir[/root]:Permission denied

BC > CLD > Anyone know what I’m doing wrong?

BC > When cvs is run from inetd it is being run by the root user ID.
BC > When CVS runs it checks, among other things, the .cvsignore file in the
BC > home directory of the user who’s running it. But by this time cvs has
BC > already changed it’s effective user ID to be that of the client. I.E.
BC > it doesn’t have permission to look in root’s home directory for this
BC > file.

BC > Solution:

BC > Put a .cvsignoe file somewhere where everyone can access it and create
BC > a processor link to it. I.E.

BC > # touch /.cvsignore
BC > # chmod 664 /.cvsignore
BC > # ln -Ps /.cvsignore /root/.cvsignore

BTW, I’ve done a lot of work lately with CVS. It has quite a few
security related shortcomings. This is just one of them. Although,
I actually consider this a bug. If it can change the effective user ID
to something specific, it should look in that user’s home directory
for the .cvsignore file.

Another issue is that CVS assumes that after you import a project to
a repository, that you will change it’s group to the group that you
want to own/access this project. But POSIX does not allow any one but
root to give away ownership of a file. My solution for this has been
to have a seperate repository for each group that you want to allow to
access CVS.

Thanks for the helpful comments. Its working now. (with the security
shortcomings you mentioned.)

Fortunately we only have five developers in house to the risk isn’t
particularly a concern.

Carey