.\" $OpenBSD: cvsd.8,v 1.3 2004/09/27 12:16:06 jfb Exp $ .\" .\" Copyright (c) 2004 Jean-Francois Brousseau .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote products .\" derived from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .Dd May 16, 2004 .Dt CVSD 8 .Os .Sh NAME .Nm cvsd .Nd Concurrent Versions System daemon .Sh SYNOPSIS .Nm cvsd .Op Fl dfhpv .Op Fl c Ar config .Op Fl g Ar group .Op Fl r Ar cvsroot .Op Fl s Ar sockpath .Op Fl u Ar user .Sh DESCRIPTION The .Nm daemon manages access to a CVS repository. It provides a much more secure alternative to the traditional client-server model commonly used by .Xr cvs 1 through various mechanisms described below. .Pp On startup, .Nm spawns a child process that chroots to the CVS repository's root directory. Both processes then drop privileges to user and group .Ic _cvsd . Once this is done, the child process loads the list of ACLs and opens a local socket on which it listens for requests. The parent process' only purpose is to answer requests for things outside of the child's jail. .Pp .Nm provides a way to apply Access Control Lists on the modules based on operation, path, tags and users. In order to enforce ACLs and prevent users from modifying the files in the repository directly, all of the files within the repository should be owned by the user and group .Ic _cvsd and should only be writable by the user. .Pp The options are as follows: .Bl -tag -width "-s sockpath" .It Fl c Ar config Use .Ar config as the startup configuration file instead of the default one. .It Fl d Start the server with debugging enabled. This option overrides the .Fl v option. .It Fl f Stay in foreground instead of performing the usual operations to become a daemon. This causes all log messages to be printed on standard input or standard error, depending on the priority of each message. .It Fl g Ar group Drop group privileges to the group name or GID specified by .Ar group instead of the default group. .It Fl h Print information about the server's usage and exit. .It Fl p On startup, perform a check on the whole contents of the CVS repository to check file permissions and ownership, and print warnings for any files or directories that do not match the expected permission masks. When running with this option, .Nm will exit with an error message if any of the files have permissions that are too open. .It Fl r Ar cvsroot Use .Ar cvsroot as the CVS repository's root directory. .It Fl s Ar sockpath Use the path specified by .Ar sockpath as the file to bind to for the local socket. .It Fl u Ar user Drop user privileges to the username or UID specified by .Ar user instead of the default user. .It Fl v Be verbose. .Sh FILES .Bl -tag -width /var/run/cvsd.sock -compact .It Pa /etc/cvsd.conf Standard configuration file for the server. .It Pa /var/run/cvsd.pid Process ID of the currently running .Nm . .It Pa /var/run/cvsd.sock Default listening socket for incoming cvs requests. .El .Sh SEE ALSO .Xr cvs 1 , .Xr rcs 1 , .Xr cvsd.conf 5 , .Xr rcsfile 5 .Sh HISTORY The .Nm server appeared as part of the OpenCVS project. .Sh AUTHORS .An Jean-Francois Brousseau