GNU Rush – a restricted user shell (split by section):   Section:   Chapter:FastBack: Usage Tips   Up: Usage Tips   FastForward: Test Mode   Contents: Table of ContentsIndex: Concept Index

6.4 cvs

Using cvs over ssh invokes cvs server on the server machine. In the simplest case, the following rule will do to give users access to CVS repositories: 

rule cvs
  match $command ~ "^cvs server"
  set command ~ "s|^cvs|/usr/bin/cvs -f"

However, cvs as of version 1.12.13 does not allow to limit root directories that users are allowed to access. It does have --allow-root option, but unfortunately this option is ignored when invoked as cvs server. To restrict possible roots, we have to run cvs in a chrooted environment. Let’s suppose we created an environment for cvs in directory /var/cvs, with the cvs binary located in /var/cvs/bin and repository root directory being /var/cvs/cvsroot. Then, we can use the following rule: 

rule cvs
  match $command ~ "^cvs server"
  set [0] = "/bin/cvs"
  chroot "/var/cvs"

GNU Rush – a restricted user shell (split by section):   Section:   Chapter:FastBack: Usage Tips   Up: Usage Tips   FastForward: Test Mode   Contents: Table of ContentsIndex: Concept Index

This document was generated on January 2, 2022 using makeinfo.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.