[cvsnt] cvs and jails
tony.hoyle at march-hare.com
Thu Mar 15 10:35:25 GMT 2007
jurgen.depicker at let.be wrote:
> Hello to all.
> I jailed all my users with the wonderful jailkit (really, it worked like a
> charm), but now i face troubles with cvs access.
You'd be far better off with the chroot jail functionality of the cvsnt
server, rather than a 3rd party application.
> configured with protocol :ext: or :ssh: . When a client tries to connect
> after being jailed, cvs doesn't work. The cvs repository was outside the
> jail. So i moved the repo inside the jail, as well as the cvsnt binaries.
> To no avail.
To get an external jail to work you'll need all the cvsnt binaries, all
the dependent libraries, and will have to change all the path settings
so they are inside the jail (forcing LD_LIBRARY_PATH, changing all the
root settings, etc.). You'll also need a working PAM configuration
inside the jail, and a mirror of the contents of /etc/cvsnt (and for PAM
to work, /etc/passwd and probably /etc/shadow).
Alternatively using the builtin functionality you only need to put the
files for the repository in there and can leave everything else outside
(assuming you're not bothered about running scripts).
More information about the cvsnt