| «« Version Numbers | Setting Up Ant on Linux »» |
|
About
I'm Ryan Lowe, a Software Engineering graduate living in Ottawa, Canada. I like agile software development and Ruby on Rails.
I write this blog in Canadian English and don't use a spell checker. Typos happen.
Projects
» Full-time Ruby on Rails freelancer
» Full-time with Rails since May 2005 » Former committer for RadRails (now Aptana) » I also have a few Rails side-projects in development: 1. wheretogoinTO.com Toronto nightlife 2. Hey Heads Up! TODO list and sharing 3. Layered Genealogy family history research 4. foos for foosball scoring 5. fanconcert for music fans (on hold) Hiring Rails developers? I can telecommute by the hour from Ottawa, Canada »» Email: rails AT ryanlowe DOT ca
BulletBlog
Now hosted on Hey! Heads Up -- check it out!
Syndication
Pings
Recent
Derek Lowe's (Ryan's older brother) words at Ryan's funeral
blog@ryanlowe.ca no more Forging Email Headers: Good, Bad or Ugly? Sarcastic Dictionary (Part 1 of Many) Tags Hierarchies Twisting Rails is Risky Business Risky Business? My Take on Early Alphas Whoa, it's August 2007 Closing Comments A Postscript to "Growth at the grassroots" »» All Blog Posts
Linkage
del.icio.us/ryanlowe
technorati/ryanlowe.ca/blog Aurora Roy Jim Andrew Trasker Travis Kibbee Karen Dr. Unk Ayana Van Bloggers Joel Spolsky Robert Scoble Tim Bray Dave Winer Raymond Chen James Robertson Ruby/Rails Bloggers rubyonrails.org weblog David Heinemeier Hansson Dave Thomas James Duncan Davidson Mike Clark Jamis Buck Signal vs. Noise Tobias Luetke Amy Hoy: (24)slash7 Jeremy Voorhis Eclipse Bloggers Planet Eclipse EclipseZone Luis de la Rosa Eclipse Foundation Kim Horne Billy Biggs Ian Skerrett Mike Milinkovich Bjorn Freeman-Benson Denis Roy
Archives
  
|
Read-Only CVS Access with pserver
Note: This was a failed attempt to set up pserver. I subsequently succeeded and blogged about it here. I want to give anyone read-only access to the AudioMan CVS repository and it seems like the pserver protocol is the way to do it. Now, pserver is an insecure protocol so it needs to be used in a secure environment. Two secure options are a chroot jail or ssh. ssh is the secure shell that I used for secure CVS access for developers. The difference is that pserver allows anonymous access while the developer access through ssh I set up requires a Linux user for each CVS committer. I'm not sure if Eclipse - the IDE of choice for this project - supports pserver through ssh. A chroot jail limits the damage that a pserver client can do by limiting the file access of the internet services daemon xinetd. Apparently the old daemon inetd wasn't secure and was usually running as root. Exploiting this daemon would give you full access to the machine. Yeah, not too good. So what a chroot jail does is make the directory it uses look like root: /. The rest of the filesystem is hidden and inaccessible to the daemon. So here's how I set up secure anonymous pserver access. I decided to use Juan M. Casillas' Jail Chroot Project to set up the chroot jail. 1. Downloaded Jail to my home directory. NOTE: I'm stalled here. I tried the next steps on CVS in Jail and ended up in the rhubarb. I think Jail is too specialized and doesn't do what I want to do ... it's adding a whole bunch of directories to my cvsroot. I don't think I'm on the right track. I'm posting this for people's comments and I'll update it. If I can't get pserver access working by the end of this week, I'm just going to release the code as part of the 0.1.1 release. It's holding things up too much. References Last updated December 28, 2003 at 11:41 PM EST Comments
|
