Product SiteDocumentation Site

9.4.2. Server setup

Note

Steps 1-9 should be performed on the CVS server, cvs-srv.
  1. As the root user, install the cvs and xinetd packages. Run rpm -q cvs to see if the cvs package is installed. If it is not installed, run yum install cvs as the root user to install it. Run rpm -q xinetd to see if the xinetd package is installed. If it is not installed, run yum install xinetd as the root user to install it.
  2. Create a group named CVS. This can be done via the groupadd CVS command as the root user, or by using the system-config-users tool.
  3. Create a user with a username of cvsuser and make this user a member of the CVS group. This can be done using the system-config-users tool.
  4. Edit the /etc/services file and make sure that the CVS server has uncommented entries looking similar to the following:
    cvspserver	2401/tcp			# CVS client/server operations
    cvspserver	2401/udp			# CVS client/server operations
    
    
  5. Create the CVS repository in the root area of the file system. When using SELinux, it is best to have the repository in the root file system so that recursive labels can be given to it without affecting any other subdirectories. For example, as the root user, create a /cvs directory to house the repository:
    [root@cvs-srv]# mkdir /cvs
    
    
  6. Give full permissions to the /cvs directory to all users:
    [root@cvs-srv]# chmod -R 777 /cvs
    
    

    Warning

    This is an example only and these permissions should not be used in a production system.
  7. Edit the /etc/xinetd.d/cvs file and make sure that the CVS section is uncommented and configured to use the /cvs directory. The file should look similar to:
    service cvspserver
    {
    	disable	= no
    	port			= 2401
    	socket_type		= stream
    	protocol		= tcp
    	wait			= no
    	user			= root
    	passenv			= PATH
    	server			= /usr/bin/cvs
    	env			= HOME=/cvs
    	server_args		= -f --allow-root=/cvs pserver
    #	bind			= 127.0.0.1
    
    
  8. Start the xinetd daemon by running service xinetd start as the root user.
  9. Add a rule which allows inbound connections using TCP on port 2401 by using the system-config-firewall tool.
  10. As the cvsuser user, run the following command:
    [cvsuser@cvs-client]$ cvs -d /cvs init
    
    
  11. At this point, CVS has been configured but SELinux will still deny logins and file access. To demonstrate this, set the $CVSROOT variable on cvs-client and try to log in remotely. The following step should be performed on cvs-client:
    [cvsuser@cvs-client]$ export CVSROOT=:pserver:cvsuser@192.168.1.1:/cvs
    [cvsuser@cvs-client]$
    [cvsuser@cvs-client]$ cvs login
    Logging in to :pserver:cvsuser@192.168.1.1:2401/cvs
    CVS password: ********
    cvs [login aborted]: unrecognized auth response from 192.168.100.1: cvs pserver: cannot open /cvs/CVSROOT/config: Permission denied
    
    
    SELinux has blocked access. In order to get SELinux to allow this access, the following step should be performed on cvs-srv:
  12. Change the context of the /cvs directory as the root user in order to recursively label any existing and new data in the /cvs directory, giving it the cvs_data_t type:
    [root@cvs-srv]# semanage fcontext -a -t cvs_data_t '/cvs(/.*)?'
    [root@cvs-srv]# restorecon -R -v /cvs
    
    
  13. The client, cvs-client should now be able to log in and access all CVS resources in this repository:
    [cvsuser@cvs-client]$ export CVSROOT=:pserver:cvsuser@192.168.1.1:/cvs
    [cvsuser@cvs-client]$
    [cvsuser@cvs-client]$ cvs login
    Logging in to :pserver:cvsuser@192.168.1.1:2401/cvs
    CVS password: ********
    [cvsuser@cvs-client]$