cvsd commit: MODIFIED: . ...

[Commits of the cvsd project <cvsd-commits [at] lists.arthurdejong.org>]

User: arthur
Date: 10/12/24 15:25:52

Modified:    . FAQ
Log:
update FAQ from website


Revision  Changes    Path
1.23      +48 -36    cvsd/FAQ

Index: FAQ
===================================================================
RCS file: /home/arthur/devel/repos/cvsd/FAQ,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -b -r1.22 -r1.23
--- FAQ 13 Aug 2010 20:31:50 -0000      1.22
+++ FAQ 24 Dec 2010 14:25:52 -0000      1.23
@@ -13,21 +13,22 @@
  5. setgroups: Operation not permitted
  6. cvsd: no such user
  7. pam failed to release authenticator
- 8. Is cvs required for running cvsd?
- 9. What should I put in the chroot directory?
-10. How can I run commands from loginfo/commitinfo/...?
-11. How do I add extra debugging?
-12. What about running cvs pserver as root?
-13. How do I file a bug report?
-14. Should I start the cvsd program as the cvsd user?
-15. How about logging?
-16. Why are tcp wrappers not working?
-17. Why can't I combine some Listen options?
-18. How do I enable syslog inside the chroot jail?
-19. Interrupted system call
-20. cannot create_adm_p /tmp/cvs-serv5153/... Permission denied
-21. Will you implement a reload in the init script?
-22. Will you pass -R (readonly) to cvs?
+ 8. open /dev/null failed
+ 9. Is cvs required for running cvsd?
+10. What should I put in the chroot directory?
+11. How can I run commands from loginfo/commitinfo/...?
+12. How do I add extra debugging?
+13. What about running cvs pserver as root?
+14. How do I file a bug report?
+15. Should I start the cvsd program as the cvsd user?
+16. How about logging?
+17. Why are tcp wrappers not working?
+18. Why can't I combine some Listen options?
+19. How do I enable syslog inside the chroot jail?
+20. Interrupted system call
+21. cannot create_adm_p /tmp/cvs-serv5153/... Permission denied
+22. Will you implement a reload in the init script?
+23. Will you pass -R (readonly) to cvs?
 
  1. How secure is cvsd?
 
@@ -106,14 +107,24 @@
     If you really want to use PAM to do the authentication you should copy all
     needed PAM modules and configuration files into the chroot directory.
 
- 8. Is cvs required for running cvsd?
+ 8. cvs commands fail with "open /dev/null failed Permission denied" and
+    cvsd-buildroot reports "creating /var/lib/cvsd/dev devices... FAILED
+    (unable to use devices)"
+
+    The cvs pservers needs to open several devices (most notably /dev/null)
+    for handling requests. The file system on which the chroot jail was
+    created needs to suppoed these device entries. This means that the file
+    system should not be mounted with the "nodev" option. The "noexec" mount
+    option will also cause problems.
+
+ 9. Is cvs required for running cvsd?
 
     Yes. cvsd is just a wrapper for running cvs in pserver mode. It runs cvs
     in a chroot jail and possibly sets resource limitations. The complete
     protocol handling is done by cvs although there are some plans to do some
     protocol checking in cvsd.
 
- 9. What should I put in the chroot directory?
+10. What should I put in the chroot directory?
 
     cvsd-buildroot can be used to create a chroot environment on most systems.
     There are however a few things that might also be needed. cvsd-buildroot
@@ -126,7 +137,7 @@
     cvsd-buildroot to fetch the appropriate libraries. Note that if you want
     shell scripts there you should also copy /bin/sh to /var/lib/cvsd/bin.
 
-10. How can I run commands from CVSROOT/{loginfo,commitinfo,...}?
+11. How can I run commands from CVSROOT/{loginfo,commitinfo,...}?
 
     If you want to run commands from files in your CVSROOT directory (e.g.
     mail a notice on commit) you need to have a shell inside the chroot jail.
@@ -139,7 +150,7 @@
     your cvs pserver now may have access to a shell on your system (inside a
     chroot jail and not as root, but a shell none the less).
 
-11. Something is not working, how do I add extra debugging?
+12. Something is not working, how do I add extra debugging?
 
     You can start cvsd with the -d option to print extra debugging information
     to stderr. See the manual page for details. Some more information can be
@@ -151,7 +162,8 @@
     If this produces "Connection refused" or something similar cvsd is not
     listening on the specified port. Check the logfiles for the reason.
     Rerunning cvsd-buildroot may also fix or bring to light some configuration
-    problems.
+    problems. Also a script to check for the most common configuration
+    problems (cvsd-buginfo) is included in the distribution.
     A "last resort tool" is strace (or truss or ptrace depending on your os).
     strace logs all system calls (opening files, changing uid, etc) and can
     provide useful information. Especially if you suspect that some files are
@@ -163,7 +175,7 @@
     '--enable-debug' with ./configure. This currently adds some debugging
     information to the pserver session.
 
-12. What about running cvs pserver as root?
+13. What about running cvs pserver as root?
 
     You may need to run cvs pserver as root when you need user mappings to
     other users than cvsd (for example if you need to have access to the
@@ -173,7 +185,7 @@
     the needed system users. cvsd-buildroot can be used to check if all the
     required system users are known in the chroot jail.
 
-13. How do I file a bug report?
+14. How do I file a bug report?
 
     If you find any bugs or missing features please send email to
     cvsd-users@lists.arthurdejong.org. If you are using the debian package
@@ -186,13 +198,13 @@
     For providing more useful information also see the question on debugging
     above.
 
-14. Should I start the cvsd program as the cvsd user?
+15. Should I start the cvsd program as the cvsd user?
 
     No. If the pserver is set up to be run in a chroot jail the cvsd program
     needs to be started as root. After the chroot() call cvsd changes uid to
     the one specified in the configuration file (probably cvsd).
 
-15. Does cvsd do logging?
+16. Does cvsd do logging?
 
     Logging is configurable from the cvsd.conf configfile. See the cvsd.conf
     manual page for details.
@@ -207,7 +219,7 @@
     Also cvsd can be started with the -d option to print debugging information
     to stderr.
 
-16. Why are tcp wrappers not working?
+17. Why are tcp wrappers not working?
 
     You currently have to enable tcp wrappers during configure time using the
     --with-libwrap option during configure. You can optionally specify the
@@ -218,7 +230,7 @@
     Don't forget that the hosts.allow and hosts.deny need to be located inside
     the chroot jail to be effective.
 
-17. Why can't I combine some Listen options?
+18. Why can't I combine some Listen options?
 
     Some operating systems do not fully support listening for connections on
     the same port with different protocols. E.g. specifying 'Listen 127.0.0.1
@@ -227,19 +239,19 @@
     You may have to play around a bit to get the right combination of listen
     options to get a working solution.
 
-18. How do I enable syslog inside the chroot jail?
+19. How do I enable syslog inside the chroot jail?
 
     If you want to have logging in programs from within your chroot jail you
     have to tell syslogd to listen in the chroot jail also. With most versions
     of syslogd you can add '-a /var/lib/cvsd/dev/log' to your syslogd
     invocation (of cource replace /var/lib/cvsd with the location of your
     chroot jail).
-    On debian systems you should edit /etc/init.d/sysklogd and modify
-    the 'SYSLOGD=""' line to read:
+    On debian systems you should edit /etc/init.d/sysklogd and modify the
+    'SYSLOGD=""' line to read:
     SYSLOGD="-a /var/lib/cvsd/dev/log"
     You may have to check the manual page fof syslogd on your system though.
 
-19. When I run cvsd with debugging enabled I get "select() failed (ignored):
+20. When I run cvsd with debugging enabled I get "select() failed (ignored):
     Interrupted system call"
 
     This is a normal logging event that is common during the execution of
@@ -247,14 +259,14 @@
     (usually the termination of one of the cvs commands) when listening for
     new connections.
 
-20. When I try cvs update I get: "cannot create_adm_p /tmp/cvs-serv5153/...
+21. When I try cvs update I get: "cannot create_adm_p /tmp/cvs-serv5153/...
     Permission denied
 
     This has to do with some changes that were made in cvs. You have to create
     an Emptydir directory in every CVSROOT directory. The cvsd user does not
     need to have write access to this directory.
 
-21. Will you implement a reload in the init script?
+22. Will you implement a reload in the init script?
 
     In short, no (unless you can come up with a very good reason and matching
     implementation).
@@ -266,7 +278,7 @@
     an alias for restart.
     For more information see http://bugs.debian.org/286300.
 
-22. Will you pass -R (readonly) to cvs?
+23. Will you pass -R (readonly) to cvs?
 
     If you pass cvs the -R option it operates in read-only mode with the added
     effect of not making any lock files. This speeds up repository checkouts,
@@ -279,8 +291,8 @@
     Some releases of cvs issue a warning when the -R option is passed,
     breaking the pserver protocol stream. A fix for this has been prepared but
     was rejected:
-    http://lists.gnu.org/archive/html/bug-cvs/2004-08/msg00108.html The
-    patch to cvs is here:
+    http://lists.gnu.org/archive/html/bug-cvs/2004-08/msg00108.html
+    The patch to cvs is here:
     
http://arthurdejong.org/cvsd/cvs-1.12.9-no_readonly_warning_for_pserver.patch.gz.
     The current status is unclear.
     If you want to and are aware of the described consequences you can try


--
To unsubscribe send an email to
cvsd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/cvsd-commits