[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Experiences with cvstrac and ultimately pserver protocol
From: |
Karl-König Königsson |
Subject: |
Experiences with cvstrac and ultimately pserver protocol |
Date: |
Fri, 07 Feb 2003 08:53:21 +0100 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212 |
Hi all,
I just had a scary few hours with CVS that I wanted to share with you.
My point with this blatant self-exposure is that I tried to find
information regarding this problem in the list archives, in the FAQ, in
the manual, in the Fogel book and on the web but to no avail. I suspect
that this might be of interest to at least somebody... :-)
I run a fairly large project where the current CVS database is somewhere
in the vicinity of 1.8 GiB in size. I regularly try out different tools
to see what new means I can have to check the status of the project as
well as provide relevant info to the developers.
The other day I ran across a nice thing called cvstrac
(http://www.cvstrac.org/) which I thought looked promising. I
subsequently downloaded it and ran it as an unpriviliged user. I set it
up and tried it out; added myself as a user and this is where the
problems started. I did not know this at this stage, of course. I found
out a few hours later when everybody started calling me and asking what
was going on.
_Please note, this is not a problem with cvstrac per se, but with me not
reading all available info thougroughly. Cvstrac is lacking docs in the
distro but this is not an excuse, mearly an observation._
The problems encountered were two: the first was that noone could add or
change files but one developer. They all got a message back stating that
cvs [server aborted]: "commit" requires write access to the repository
The second was that I could not login to cvs at all (which everybody
else could). The last problem was really weird since I could see my
username and password in the system's "secure" log, that is the AUTHPRIV
log, and the password was correct it was still not accepted. Odd. This
was the log entry:
cvs: login failure by koenig / XXXXXX (for /opt/projekt/cvsrep)
What happened was that cvstrac wrote two files in my CVSROOT, passwd and
writers, and this was the source of the problems. You see, by adding
myself to cvstrac I got added to the passwd file. Since I chose a
different password for what I thought was the seb interface in cvstrac
than my regular login one, was the effect that I could not log in to
cvs. Furthermore, since cvstrac also wrote the writers file, and that
one only contained my username, were all but the one present in this
file (me) denied access to the server.
So, after removing the offending files and entries I got things back to
normal, and the lesson learned was:
o read docs thouroughly
o if no docs, try out on a test installation
o the call chain in pserver is this:
check CVSROOT/passwd file first, then /etc/passwd
if there is a writers file present, only allow those in it to write,
otherwise it is free for all
And the one guy who was not affected by this problem at all, you ask?
Turned out that he was not using pserver after all but accessed the cvs
repository with ssh...
A nice day to all!
Karl-Koenig Koenigsson
--
KALAMI (n.)
The ancient Eastern art of being able to fold road-maps properly.
(The Meaning of Liff, Douglas Adams)
- Experiences with cvstrac and ultimately pserver protocol,
Karl-König Königsson <=