Validating virtual cvs users

login at istop.com login at istop.com
Tue Sep 14 12:06:41 PDT 2004 

Good afternoon!

Something unique .... trying to describe the best I can.
Please reply back if it is not clear or need additional
details/info.

Environment ( On cvs server side):

# uname -a
FreeBSD host.domain.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0:
Mon Feb 23 20:45:55 GMT 2004 root at wv1u.btc.adaptec.com
:/usr/obj/usr/src/sys/GENERIC  i386

# cvsd -V
cvsd 1.0.0
Written by Chris Black, Philippe Kehl and Arthur de Jong.
...

# ps auxw | grep cvsd
cvsd     541  0.0  0.0  1300  704  ??  INs   2Sep04   0:00.06 
/usr/local/sbin/cvsd -f /usr/local/etc/cvsd/cvsd.conf

# id cvsd
uid=1010(cvsd) gid=1010(cvsd) groups=1010(cvsd)

# id john
id: john: no such user

I have setup cvs server and working as expected with one problem
as described down. The cvs remote user authentication is based on 
$CVSROOT/CVSROOT/passwd file located on cvs server.

The format of the passwd file is john:tkdUrXsqy9r5A:cvsd

Here john is virtual user to cvs server and his password is encrypted
using crypt.pl script and cvsd is a user with cvsd group on the 
cvs server which is running cvsd process. So all the repositories
are chowned to cvsd:cvsd with 775 permissions. I guess 755 may be needed
only.

The problem is that in the past, we used to validate the remote
"cvs login" user against a local account on the cvs server and all accounts 
who are member of that group (for example cvsd) can do "cvs checkout"
and "cvs commit" successfully. Prior to "cvs commit", we were calling 
a script/watchdog called "commitcheck" which was validating a "cvs login" 
user against a system's local account on the cvs server.

Now since john is not a user account physically on the cvs server system
in my current situation, I have problem validating him since the cvsd is 
actual who is writing to repositories. Yes, the logs are still have john
in the headers indicating him initiate "cvs commint" to distinguish him from
other cvs users.

How do I validate this virtual user so that he can "cvs commit" successfully.
When I stick "john" in the "commitcheck" script, he is being rejected 
since "cvsd" is a user who can write to repositories via cvsd process.

Anyone has done such type of validation before. I am sure there is out one.
I wish, I have a small email. Thank you!

S. Mohammad [ login at istop.com ]

More information about the freebsd-questions mailing list