cvsd(8) System Manager's Manual cvsd(8)NAME
cvsd - chroot wrapper to run 'cvs pserver' more securely.
cvsd is a wrapper program for cvs in pserver mode. it will run 'cvs pserver' under a special uid/gid in a chroot jail.
cvsd is run as a daemon and is controlled through a configuration file (see cvsd.conf(5) ). It is relatively easy to configure and tools
are provided for easily setting up a chroot jail (see cvsd-buildroot(8) ) and managing repositories (see cvsd-passwd(8) ).
See the README for more information and details to setting up a chroot jail and repositories.
cvsd accepts the following options:
Use FILE as configfile (default is /etc/cvsd/cvsd.conf).
Enable debugging mode. cvsd will not put itself in the background and sends verbose debugging info to stderr. Otherwise cvsd
handles connections as usual. This option is for debugging purposes only.
--help Display short help and exit.
Output version information and exit.
SEE ALSO cvsd.conf(5)cvsd-buildroot(8)cvsd-passwd(8)FILES
/etc/cvsd/cvsd.conf - the configuration file (see cvsd.conf(5) )
Arthur de Jong <email@example.com>.
Version 1.0.24 Jun 2012 cvsd(8)
Check Out this Related Man Page
cvsd.conf(5) System Manager's Manual cvsd.conf(5)NAME
cvsd.conf - configuration file for cvsd.
The file cvsd.conf contains the configuration information for running 'cvsd' (see cvsd(8) ). The file contains options, one on each line,
specifying the workings of cvsd.
This specifies the location of the chroot jail cvs should be run in. This directory should be initialized with the cvsd-buildroot
script so it contains all the proper directories and binaries. If this option is not present in the configuration file or a value
of 'none' (without quotes) is specified cvsd will run in the normal file system root.
This specifies which user id cvs should be run as. This can be a numerical id or a symbolic value. If no uid is specified cvsd
will run under the uid it is started with.
This specifies which group id cvs should be run as. This can be a numerical id or a symbolic value. If no gid is specified cvsd
will run under the gid it is started with.
This should be set to the location where the cvs command is located. Note that if you set up a RootJail this is relative to that
directory, but should still start with a '/'. If you do not define this a default of '/bin/cvs' will be used if a chroot jail has
been configured and otherwise it will be set '/usr/bin/cvs'.
Additional arguments to be passed to the cvs command, in addition to the default ones. You can pass the -R option to put cvs in
read-only mode. Note that not all options can be used in pserver mode and error messages are not always very friendly.
This specifies the nice value (on most systems ranging from -20 to 20) where the smaller the number (more negative) the higher the
priority. If no value is specified the nice level of the program will not be altered.
This specifies a umask used by the cvs pserver when creating files. Specify as an octal value. If no value is specified the
default umask of 027 will be used.
Limit resource value
Limits use of a certain resource to the cvs process. Note that resource limits will be set on the executed cvs command and not for
the daemon. Resource may be one of:
maixmum filesize of a coredump
maximum amount of seconds cputime consumed
maximum size of program's data segment
maximum size of files created
maximum amount of locked memory
maximum number of open files (file descriptors)
maximam number of processes (per user? max. children?)
maximum size of resident memory
maximum stack size
maximum amount of virtual memory allocated
number of threads that the process may create
Note that not all systems may support all resources specified here. If no limits are defined no extra limits will be enforced. If
the system already specified limits for processes it may not be possible to broaden the limits.
A value (resource limit) that is a size can be specified with a suffix of 'b' (bytes), 'k' (1024 bytes) or 'm' (1024*1024 bytes),
where 'k' is default.
Plain number values can also have the 'k' and 'm' suffixes, but the default is just the plain number.
Time values can be formatted as 'mm:ss' or have a 'm' or 's' suffix where 's' is default.
This specifies the location the process id of the daemon is written. If no PidFile is specified the pid will not be written.
/var/run/cvsd.pid is a good location for a pidfile.
Listen address port
This options specifies which addresses and ports cvsd should listen on for connections. The address value can be '*' (for binding
all addresses) or a symbolic (host name), dotted quad or ipv6 address. The port value can be a numeric port number or a well known
service ('cvspserver'). This option can be supplied multiple times. The address and port fields can be combined in the usual ways
by separating them with a ':' or a '.', optionally surrounding the address part by square brackets ('[' and ']').
# listen on all interfaces and all protocols on port 2401
Listen * 2401
# listen on IPv6 port 100
Listen :: 100
# listen on localhost
Listen localhost cvspserver
# listen on an ipv6 address
This specifies the maximum number of connections that can be handled simultaneously. When the value 0 (the default) is supplied no
limit is used.
Log scheme/file logvelel
This option specifies the way logging is done. As first argument either none, syslog or a file name beginning with a '/' may be
specified. The second argument is optional and specifies the loglevel. The loglevel may be one of: crit, error, warning, notice,
info (default) or debug. All messages with the specified loglevel and higher are logged. This option can be supplied multiple
times. If this option is omitted syslog info is assumed.
This option specifies which repositories can be used. The value is passed as a --allow-root=path parameter to cvs. The path should
be relative to the specified RootJail and should start with a '/'. This option can be supplied multiple times, but should be
specified at least once.
/etc/cvsd/cvsd.conf - default location for the configuration file
/var/run/cvsd.pid (or other localtion) - the file where the process id is saved
SEE ALSO cvsd(8)AUTHOR
Arthur de Jong <firstname.lastname@example.org>.
Version 1.0.24 Jun 2012 cvsd.conf(5)