home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

  Previous section   Next section

8.8 Using inetd with gserver, kserver, and pserver

gserver, kserver, and pserver access modes require a server to run on the repository computer. For these modes, the server is started with inetd or xinetd. inetd is configured in the "Other services" section of /etc/inetd.conf, as shown in Example 8-18 and Example 8-19. Note that the configuration must be all on one line.

Example 8-18. Inetd for gserver and pserver
#:OTHER: Other services
2401 stream tcp nowait root /usr/bin/cvs cvs -f --allow-root=/var/lib/cvs pserver
Example 8-19. Inetd for kserver
#:OTHER: Other services
1999 stream tcp nowait root /usr/bin/cvs cvs -f --allow-root=/var/lib/cvsroot kserver

The gserver access method connects to a pserver CVS server. The code that runs the server end of pserver checks whether it has been connected to with the pserver or gserver access method and runs the appropriate server code.

The parameter to the --allow-root option is the path to the repository root directory. If there will be several different repository root directories, add more --allow-root options.

You can use the -T option or the TMPDIR environment variable to set a specific temporary directory. If no directory is listed, /tmp is used.

It can be useful to run the server as a special user, possibly named cvs, to limit the amount of damage that can be done if one of the arbitrary scripts (or CVS itself) is insecure. If you do this, ensure that the repository root directory and the CVSROOT files start out being owned by the cvs user, and make sure that the cvs user is in all the groups that can use the repository. You also need to ensure that all users run as user cvs, perhaps by having that as the system username in pserver access mode.

If CVS has root privileges, it runs the scripts called from the scripting files as the user who calls CVS, not the user named in inetd, so this is not a special concern.

If your version of inetd doesn't allow you to specify port numbers in inetd.conf, add lines to /etc/services, as shown in Example 8-20. Then use those service names instead of the port numbers in inetd.conf.

Example 8-20. Port services
cvspserver 2401/tcp
cvs 1999/tcp   cvskserver

CVS looks for the cvs service if it is running kserver access mode, and it looks for cvspserver if it is running in gserver or pserver mode. If you installed CVS from a package, CVS may have been modified to use cvskserver. Once inetd.conf is set up, you'll need to restart inetd.

If you use xinetd instead of inetd, you need to create /etc/xinetd.d/cvspserver or /etc/xinetd.d/cvskserver and enter code similar to the code shown in Example 8-21, rather than editing /etc/inetd.conf.

Example 8-21. xinetd
service cvspserver
    port = 2401
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    passenv = PATH
    server = /usr/bin/cvs
    server-args = -f --allow-root=/var/lib/cvs pserver

The -f, -T, and --allow-root options to the CVS server are the same as they are for inetd. To use the code in Example 8-21 for the kserver access method, change the filename and port and use kserver instead of pserver in the server-args line. If cvspserver or cvskserver are defined in /etc/services, the line that defines the port is not needed.

8.8.1 Client Ports

If you're using pserver or gserver, the client defaults to use port 2401. If your repository server is listening on a different port, specify the port in the repository path or set the CVS_CLIENT_PORT environment variable on the client computer. You can also compile the client with the CVS_AUTH_PORT macro set to the new port.

If you're using kserver, the client defaults to use port 1999. If your repository server is listening on a different port, you can use the repository path or the CVS_CLIENT_PORT environment variable. The CVS_PORT macro sets the default port for kserver mode during compilation.

  Previous section   Next section