===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/anoncvs.shar,v
retrieving revision 1.10
retrieving revision 1.11
diff -c -r1.10 -r1.11
*** www/anoncvs.shar	1998/12/22 22:55:19	1.10
--- www/anoncvs.shar	1999/01/06 22:07:47	1.11
***************
*** 159,164 ****
--- 159,173 ----
  X     cvspserver		2401/tcp		# CVS client/server operations
  X  - Create an entry in /etc/inetd.conf
  X     cvspserver	stream	tcp nowait anoncvs /open/anoncvssh anoncvssh pserver
+ X  - Create a file /open/anoncvs/cvs/CVSROOT/passwd with the following entry
+ X	anoncvs:AHDysQkJIubEc
+ X    which would be a password of "anoncvs" (as per anoncvs.html)
+ X  - Create a file /open/anoncvs/cvs/CVSROOT/readers with a single entry:
+ X	anoncvs
+ X    which tells cvs that user "anoncvs" is allowed readonly access.
+ X  - Create a zero-length file /open/anoncvs/cvs/CVSROOT/writers since you don't
+ X    want anyone to be able to write to the mirror.
+ X	% cp /dev/null /open/anoncvs/cvs/CVSROOT/writers
  X
  XSee the example layout below for full details.
  X
***************
*** 188,196 ****
  X    cvs host=anoncvs1.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete
  X
  XThe file /open/sup/cvs/refuse tells sup what files it should not get.
! XIt should contain the single line:
  X
  X    cvs/CVSROOT/history
  X
  Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will
  Xcause you problems.
--- 197,208 ----
  X    cvs host=anoncvs1.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete
  X
  XThe file /open/sup/cvs/refuse tells sup what files it should not get.
! XIt should contain the following lines:
  X
  X    cvs/CVSROOT/history
+ X    cvs/CVSROOT/readers
+ X    cvs/CVSROOT/writers
+ X    cvs/CVSROOT/passwd
  X
  Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will
  Xcause you problems.
***************
*** 572,584 ****
  X#endif /* ANONCVS_USER */
  X
  X
! X	seteuid(0);
  X	if (chroot(pw->pw_dir) == -1) {
  X		perror("chroot");
  X		exit (1);
  X	}
  X	chdir("/");
! X	setuid(getuid());
  X
  X	/*
  X	 * program now "safe"
--- 584,596 ----
  X#endif /* ANONCVS_USER */
  X
  X
! X	setuid(0);
  X	if (chroot(pw->pw_dir) == -1) {
  X		perror("chroot");
  X		exit (1);
  X	}
  X	chdir("/");
! X	setuid(pw->pw_uid);
  X
  X	/*
  X	 * program now "safe"
***************
*** 619,625 ****
  X		       them, ntohs(peer_sa.sin_port),
  X		       us, ntohs(my_sa.sin_port));
  X#endif /* USE_SYSLOG */
! X		execle("/usr/bin/cvs", "cvs", "pserver", NULL, env);
  X		perror("execle: cvs");
  X		fprintf(stderr, "unable to exec CVS pserver!\n");
  X		exit(1);
--- 631,638 ----
  X		       them, ntohs(peer_sa.sin_port),
  X		       us, ntohs(my_sa.sin_port));
  X#endif /* USE_SYSLOG */
! X		execle("/usr/bin/cvs", "cvs",
! X		    __CONCAT("--allow-root=",LOCALROOT), "pserver", NULL, env);
  X		perror("execle: cvs");
  X		fprintf(stderr, "unable to exec CVS pserver!\n");
  X		exit(1);