1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
.\" $OpenBSD: cvsd.8,v 1.1 2004/07/13 22:02:40 jfb Exp $
.\"
.\" Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd May 16, 2004
.Dt CVSD 8
.Os
.Sh NAME
.Nm cvsd
.Nd Concurrent Versions System daemon
.Sh SYNOPSIS
.Nm cvsd
.Op Fl dfpv
.Op Fl a Ar aclfile
.Op Fl r Ar cvsroot
.Op Fl s Ar sockpath
.Sh DESCRIPTION
The
.Nm
daemon manages access to a CVS repository.
It provides a much more secure alternative to the traditional client-server
model commonly used by
.Xr cvs 1
through various mechanisms described below.
.Pp
On startup,
.Nm
spawns a child process that chroots to the CVS repository's root directory.
Both processes then drop privileges to user and group
.Ic _cvsd .
Once this is done, the child process loads the list of ACLs and opens a local
socket on which it listens for requests.
The parent process' only purpose is to answer requests for things outside of
the child's jail.
.Pp
In order to enforce ACLs and prevent users from modifying the files in the
repository directly, all of the files within the repository should be owned
by the user and group
.Ic _cvsd
and should only be writable by the user.
.Pp
The options are as follows:
.Bl -tag -width "-s sockpath"
.It Fl a Ar aclfile
Use
.Ar aclfile
as the source file for the Access Control Lists to apply on the repository.
.It Fl d
Start the server with debugging enabled.
This option overrides the
.Fl v
option.
.It Fl f
Stay in foreground instead of performing the usual operations to become
a daemon.
This causes all log messages to be printed on standard input or standard
error, depending on the priority of each message.
.It Fl p
On startup, perform a check on the whole contents of the CVS repository to
check file permissions and ownership, and print warnings for any files or
directories that do not match the expected permission masks.
When running with this option,
.Nm
will exit with an error message if any of the files have permissions that are
too open.
.It Fl r Ar cvsroot
Use
.Ar cvsroot
as the CVS repository's root directory.
.It Fl s Ar sockpath
Use the path specified by
.Ar sockpath
as the file to bind to for the local socket.
.It Fl v
Be verbose.
.Sh FILES
.Bl -tag -width /var/run/cvsd.sock -compact
.It Pa /var/run/cvsd.pid
Process ID of the currently running
.Nm .
.It Pa /var/run/cvsd.sock
Default listening socket for incoming cvs requests.
.El
.Sh SEE ALSO
.Xr cvs 1 ,
.Xr rcs 1 ,
.Xr rcsfile 5 ,
.Xr cvsacl 5
.Sh HISTORY
The
.Nm
server appeared as part of the OpenCVS project.
.Sh AUTHORS
.An Jean-Francois Brousseau
|