[cvsnt] cvs and jails

Tony Hoyle tony.hoyle at march-hare.com
Thu Mar 15 10:35:25 GMT 2007

jurgen.depicker at let.be wrote:
> Hello to all.
> I jailed all my users with the wonderful jailkit (really, it worked like a 
> charm), but now i face troubles with cvs access.

You'd be far better off with the chroot jail functionality of the cvsnt 
server, rather than a 3rd party application.

> configured with protocol :ext: or :ssh: .  When a client tries to connect 
> after being jailed, cvs doesn't work.   The cvs repository was outside the 
> jail.  So i moved the repo inside the jail, as well as the cvsnt binaries. 
>  To no avail.

To get an external jail to work you'll need all the cvsnt binaries, all 
the dependent libraries, and will have to change all the path settings 
so they are inside the jail (forcing LD_LIBRARY_PATH, changing all the 
root settings, etc.).  You'll also need a working PAM configuration 
inside the jail, and a mirror of the contents of /etc/cvsnt (and for PAM 
to work, /etc/passwd and probably /etc/shadow).

Alternatively using the builtin functionality you only need to put the 
files for the repository in there and can leave everything else outside 
(assuming you're not bothered about running scripts).


More information about the cvsnt mailing list