| version 1.6, 1997/09/10 07:25:19 |
version 1.7, 1997/10/12 21:52:09 |
|
|
| END-of-Makefile |
END-of-Makefile |
| echo x - README |
echo x - README |
| sed 's/^X//' >README << 'END-of-README' |
sed 's/^X//' >README << 'END-of-README' |
| Xfind enough disk space. |
|
| X you need roughly 300MB. |
|
| X mount it on /open |
|
| X if you are not able to mount it as /open, substitute it's location |
|
| X throughout this description |
|
| X |
|
| Xcompile the anoncvssh binary |
|
| X in the Makefile, change the variable CVSROOT |
|
| X install the binary setuid-root. |
|
| X |
X |
| Xcreate an account: |
X So, you want to run an anoncvs server. |
| X anoncvs::32766:32766:Anonymous CVS User:/open/anoncvs:/open/anoncvssh |
|
| Xyes, that is right. the account has no password. |
|
| X |
X |
| XFor :pserver: support (optional) |
X A summary of the steps you'll need to do is: |
| X - Create an entry in /etc/services |
|
| X cvspserver 2401/tcp # CVS client/server operations |
|
| X - Create an entry in /etc/inetd.conf |
|
| X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver |
|
| X |
X |
| Xinstall a crontab entry which runs as any user besides anoncvs (ie. run |
X1) Find enough disk space to hold the anoncvs tree, and mount it in an |
| Xit as yourself, or as root). call that user $SUPUSER |
Xappropriate place. |
| X |
X |
| XFor example: To run every three hours 'sup -v supfile', and thrice |
X2) Compile and install anoncvssh, the shell used for the anoncvs user. |
| Xweekly 'sup -vo supfile' .. because sup is not reliable .. |
X ( If you aren't using OpenBSD you'll probably need to compile a sup |
| |
X client as well. The easier path is to use OpenBSD ;) |
| X |
X |
| X0 0,3,6,9,12,15,18,21 * * 0,2,4,5 sup -v /open/anoncvs/sup/ss > /dev/null |
X3) Add the anoncvs user to the password file, with no password, and |
| X0 0,12,15,18,21 * * 1,3,6 sup -v /open/anoncvs/sup/ss > /dev/null |
Xanoncvssh as it's shell. Decide on a user that will run sup to maintain |
| X0 3 * * 1,3,6 sup -vo /open/anoncvs/sup/ss > /dev/null |
Xthe archive (this is a different user, NOT the anoncvs user) |
| X |
X |
| Xanoncvs5.usa.openbsd.org uses this particular set of entries. A `sup |
X4) Make a home directory for the anoncvs user. The anoncvs user's home |
| X-o' is done every few days because sup is not very robust. |
Xdirectory is a chroot jail in which the anoncvssh processes run when |
| |
Xservicing anoncvs requests. The jail must contain the cvs binary and |
| |
Xrelated programs (rcs, etc) as well as whatever shared libraries and |
| |
Xsupport files are needed to run them unless you compile and link |
| |
Xeverything staticly. This example shows what is needed for OpenBSD. If |
| |
Xyou use another platform you'll need to be familiar with what needs |
| |
Xto go in a chroot jail for your platform. |
| X |
X |
| Xthe file /open/sup/ss contains |
X5) Get permission to use sup to obtain the cvs tree from a server. |
| X cvs host=cvs.openbsd.org hostbase=/ base=/open/anoncvs delete |
|
| X |
X |
| Xthe file /open/sup/cvs/refuse should contain the single line |
X6) Set up sup to retrieve the cvs tree from an appropriate place. |
| X cvs/CVSROOT/history |
X (If you aren't using OpenBSD you will need to compile and install |
| Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will |
X a sup client). |
| Xcause you problems. |
|
| X |
X |
| Xon an IRIX or other SYSV machine, ensure that your kernel does not allow |
X7) Run sup to retrieve the distribution from the server |
| Xa user to chown a file to another user. this will cause sup to give away |
|
| Xthe files to root before chmod'ing them readable. michaels@openbsd.org |
|
| Xknows how to fix this. |
|
| X |
X |
| Xmkdir /open/ |
X8) Once you get the distribution in, set up a cron job to run sup |
| |
X periodically to keep your server up to date. |
| |
X |
| |
X********************************************************************** |
| |
XSTEP 1) find enough disk space. |
| |
X you need roughly 500MB. |
| |
X mount it on /open |
| |
X if you are not able to mount it as /open, substitute it's location |
| |
X throughout the rest of this description |
| |
X |
| |
X********************************************************************** |
| |
XSTEP 2) compile the anoncvssh binary |
| |
X in the Makefile, change the variable CVSROOT |
| |
X install the binary setuid-root in /open/anoncvssh. |
| |
X |
| |
X********************************************************************** |
| |
XSTEP 3) Create the anoncvs account. and decide who will run "sup" |
| |
Xto maintain the archive. The anoncvs account should *NOT* be the one |
| |
Xrunning sup to maintain the archive. |
| |
X |
| |
Xcreate an account: |
| |
X anoncvs::32766:32766:Anonymous CVS User:/open/anoncvs:/open/anoncvssh |
| |
Xyes, that is right. the account has no password. |
| |
X |
| |
Xdecide on who will run sup to maintain the archive. call that user $SUPUSER. |
| |
XOh, and in case it hasn't been previously mentioned, $SUPUSER should *NOT* |
| |
Xbe the anoncvs user :) |
| |
X |
| |
X********************************************************************** |
| |
XSTEP 4) Build the anoncvs user's home directory chroot jail. This example |
| |
Xassumes that you're using OpenBSD. If you're not you may need different |
| |
Xfiles in the chroot. |
| |
X |
| Xmkdir /open/anoncvs |
Xmkdir /open/anoncvs |
| Xmkdir /open/anoncvs/cvs |
Xmkdir /open/anoncvs/cvs |
| Xmkdir /open/anoncvs/sup |
Xmkdir /open/anoncvs/sup |
| Xchown -R $SUPUSER /open/anoncvs/cvs /open/anoncvs/sup /open/anoncvs |
Xchown -R $SUPUSER /open/anoncvs/cvs /open/anoncvs/sup /open/anoncvs |
| X |
X |
| Xstart filling the account up with nice stuff |
Xstart filling the account up with nice stuff. You are building a chroot |
| |
Xjail for anoncvs in /open/anoncvs. |
| |
X |
| X cd /open/anoncvs |
X cd /open/anoncvs |
| X touch .hushlogin |
X touch .hushlogin |
| X touch .profile |
X touch .profile |
|
|
| X cp /usr/lib/lib*.so.* usr/lib/ |
X cp /usr/lib/lib*.so.* usr/lib/ |
| X |
X |
| Xas a final pass, make sure that all the files you have just created are |
Xas a final pass, make sure that all the files you have just created are |
| Xnot world writeable (except dev/null) |
Xnot world writable (except dev/null) |
| X |
X |
| Xsend mail to deraadt@openbsd.org |
XFor :pserver: support (optional) |
| X1) to have sup permissions granted. |
X - Create an entry in /etc/services |
| |
X cvspserver 2401/tcp # CVS client/server operations |
| |
X - Create an entry in /etc/inetd.conf |
| |
X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver |
| |
X |
| |
XSee the example layout below for full details. |
| |
X |
| |
X********************************************************************** |
| |
XSTEP 5): Get sup permission. |
| |
Xsend mail to sup@openbsd.org |
| |
X1) to have sup permissions granted on an appropriate machine for you |
| |
X to sup from. |
| X2) to have an anoncvsN.COUNTRY.openbsd.org alias created |
X2) to have an anoncvsN.COUNTRY.openbsd.org alias created |
| X3) to have your site mentioned in the http://www.openbsd.org page. |
X3) to have your site mentioned in the http://www.openbsd.org page. |
| X |
X |
| XExample layout. In this example "deraadt" is the $SUPUSER. |
X********************************************************************** |
| |
XSTEP 6): Configure sup |
| X |
X |
| |
XIf you're running OpenBSD, you already have a sup client in |
| |
X/usr/bin/sup. If not you may need to build it. On an IRIX or other |
| |
XSYSV machine, ensure that your kernel does not allow a user to chown a |
| |
Xfile to another user (You may have heard of this particular brand of |
| |
Xevil referred to as "chown giveaway"). this will cause sup to give |
| |
Xaway the files to root before chmod'ing them |
| |
Xreadable. michaels@openbsd.org knows how to fix this. |
| |
X |
| |
XThe file /open/sup/ss contains a line that tells sup where to get the |
| |
Xcvs tree from. it can contain *one* of: |
| |
X |
| |
X cvs host=anoncvs1.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete |
| |
X cvs host=cvs.openbsd.org hostbase=/ base=/open/anoncvs delete |
| |
X |
| |
X You should ask which one to use when obtaining sup permission. |
| |
X |
| |
XThe file /open/sup/cvs/refuse tells sup what files it should not get. |
| |
XIt should contain the single line: |
| |
X |
| |
X cvs/CVSROOT/history |
| |
X |
| |
Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will |
| |
Xcause you problems. |
| |
X |
| |
X********************************************************************** |
| |
XSTEP 7): Run sup to retrieve the tree for the first time |
| |
X |
| |
XLog in as or become the $SUPUSER, and run |
| |
X |
| |
Xsup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog |
| |
X |
| |
XIf you have sup permission, and have specified the correct host and |
| |
Xhostbase in /open/anoncvs/sup/ss you should see a list of files start |
| |
Xcoming in after a short while. Don't panic if nothing happens |
| |
Ximmediately. Watch for errors (sup can timeout or die). If you can't |
| |
Xaccess files contact the sup server maintainer, If you get a timeout |
| |
Xor if sup dies you can restart and it should continue where it left off. |
| |
X |
| |
XIt can take a good while (and a couple of restarts) to obtain the |
| |
Xwhole tree for the first time. |
| |
X |
| |
X********************************************************************** |
| |
XSTEP 8): Set up cron to keep the tree up to date. |
| |
X |
| |
XYou run sup periodically from the cron by setting up the crontab file |
| |
Xof the $SUPUSER. |
| |
X |
| |
XFor example: To run every three hours 'sup -v supfile', and thrice |
| |
Xweekly 'sup -vo supfile' .. because sup is not reliable .. |
| |
X |
| |
X0 0,3,6,9,12,15,18,21 * * 0,2,4,5 sup -v /open/anoncvs/sup/ss > /dev/null |
| |
X0 0,12,15,18,21 * * 1,3,6 sup -v /open/anoncvs/sup/ss > /dev/null |
| |
X0 3 * * 1,3,6 sup -vo /open/anoncvs/sup/ss > /dev/null |
| |
X |
| |
Xanoncvs5.usa.openbsd.org uses this particular set of entries. A `sup |
| |
X-o' is done every few days because sup is not very robust. |
| |
X |
| |
X********************************************************************** |
| |
XEXAMPLE LAYOUT |
| |
X |
| |
XExample layout for OpenBSD. In this example "deraadt" is the $SUPUSER. |
| |
X |
| X[eap open 5 ]> cd /open |
X[eap open 5 ]> cd /open |
| X[eap open 6 ]> ls -alF |
X[eap open 6 ]> ls -alF |
| Xtotal 46 |
Xtotal 46 |
|
|
| X-rw-rw-r-- 1 deraadt wheel 54 Dec 4 1995 ss |
X-rw-rw-r-- 1 deraadt wheel 54 Dec 4 1995 ss |
| X |
X |
| X |
X |
| XThat's pretty much it. |
X*************************************************************** |
| |
XNOTES FOR OTHER PLATFORMS: |
| X |
X |
| |
XIf you're not that familiar with your other platform (i.e. you haven't |
| |
Xbuilt a chroot jail for a server on it) You may be better off |
| |
Xfinding an OpenBSD machine to use. (and duplicating the example above) |
| |
X |
| |
X**SunOS 5) |
| |
XBob Beck <beck@panopticon.ucs.ualberta.ca> has done this. E-mail for |
| |
Xhelp if you need it. |
| |
X |
| |
X**OSF 1) |
| XFrom Todd Fries <toddf@acm.org> to the adventurous. |
XFrom Todd Fries <toddf@acm.org> to the adventurous. |
| XA note for those installing anoncvs on non-OpenBSD operating systems. |
XA note for those installing anoncvs on non-OpenBSD operating systems. |
| XYou are in for some fun. |
XYou are in for some fun. |
![[BACK]](/icons/back.gif){kind=icon}
Return to anoncvs.shar CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www