We log onto cdcvs...
<bel-kwinth> rsh cdcvs -l root This rlogin session is using DES encryption for all data transmissions. .... Fermilab policy and rules for computing, including appropriate use, may be found at http://www.fnal.gov/cd/main/cpolicy.htmlAdd entries for an "ipmcvs" account in passwd and shadow. I copied another one and pasted; I'm ommitting the vi session here. (the convention is to have an "xyzcvs" account for repository "xyz".)
[root@cdcvs0 /root]# vi /etc/passwd [root@cdcvs0 /root]# tail -1 /etc/passwd ipmcvs:x:110:6409:E907 CVS User:/cvs/home/ipmcvs:/local/ups/prd/cvsh/v1_9/bin/cvsh [root@cdcvs0 /root]# ed /etc/shadow [root@cdcvs0 /root]# tail -1 /etc/shadow ipmcvs:x:11802:0:99999:7:::Added a repository diretory under /cvs, and home under /cvs/home/ I started by copying one of the other cvs user homes. Then cleaned out cvshlog files, and put myself and the requesting user in the .admin and .k5login files.
[root@cdcvs0 /root]# cd /cvs [root@cdcvs0 /cvs]# mkdir ipm [root@cdcvs0 /cvs]# chown ipmcvs ipm [root@cdcvs0 /cvs]# cd home [root@cdcvs0 home]# ls cvsuser dcdcvs e907cvs flcvs nutevcvs osscvs w2kmigcvs wrscvs [root@cdcvs0 home]# cp -r dcdcvs ipmcvs [root@cdcvs0 home]# chown -R ipmcvs ipmcvs [root@cdcvs0 home]# ls -l total 36 drwxr-xr-x 5 cvsuser cvsuser 4096 Mar 11 15:35 cvsuser drwxr-xr-x 2 dcdcvs root 4096 Jan 27 15:13 dcdcvs drwxr-xr-x 3 e907cvs e907 4096 Feb 26 12:19 e907cvs drwxr-xr-x 2 flcvs root 4096 Jan 27 15:13 flcvs drwxr-xr-x 2 ipmcvs root 4096 Mar 11 16:44 ipmcvs drwxr-xr-x 3 nutevcvs root 4096 Jan 28 13:41 nutevcvs drwxr-xr-x 3 osscvs root 4096 Feb 28 12:10 osscvs drwxr-xr-x 2 w2kmigcv root 4096 Jan 27 15:13 w2kmigcvs drwxr-xr-x 2 wrscvs root 4096 Jan 27 15:13 wrscvs [root@cdcvs0 home]# cd ipmcvs [root@cdcvs0 ipmcvs]# ls cvshlog cvshlog.20011024.gz [root@cdcvs0 ipmcvs]# rm cvshlog* rm: remove `cvshlog'? y rm: remove `cvshlog.20011024.gz'? y [root@cdcvs0 ipmcvs]# ls [root@cdcvs0 ipmcvs]# ls -a . .. .admin .bash_history .cvshrc .cvshrc.bak .k5login [root@cdcvs0 ipmcvs]# vi .admin ... [root@cdcvs0 ipmcvs]# cat .admin mengel nagy [root@cdcvs0 ipmcvs]# rm -f .bash_history [root@cdcvs0 ipmcvs]# vi .k5login [root@cdcvs0 ipmcvs]# cat .k5login mengel@FNAL.GOV nagy@FNAL.GOVNext I updated the .cvshrc to list their new repository
[root@cdcvs0 ipmcvs]# vi .cvshrc ... [root@cdcvs0 ipmcvs]# cat .cvshrc PATH=/local/ups/prd/cvs/v1_11_5/bin:/local/ups/prd/diffutils/v2_7/bin:/usr/krb5/bin:/usr/loca l/bin:/bin:/usr/bin TMPDIR=/tmp ipmcvs /cvs/ipmThis next bit is specific to allowing ssh access to the repository. Not everyone needs this, so in those cases you can skip this bit. We add a .ssh directory with an authorized_keys file. I have a key in the cvsuser account, so I copied my key in so I can test later.
[root@cdcvs0 ipmcvs]# mkdir .ssh [root@cdcvs0 ipmcvs]# chown ipmcvs .ssh [root@cdcvs0 ipmcvs]# chmod 700 .ssh [root@cdcvs0 ipmcvs]# cd .ssh [root@cdcvs0 .ssh]# ls [root@cdcvs0 .ssh]# grep mengel /cvs/home/cvsuser/.ssh/authorized_keys > authorized_keys [root@cdcvs0 .ssh]# cat authorized_keys 1024 35 1254285696944858972260304343500667763230624031273213190387560526619853097837645974226 738611971355744826866604109712149653211896945025185981530412504799995769172443882921612191220 483230748981666822789884206993707689981244700074744263413558910471608495712051803510637185397 65517043648997331545458149241182080811 mengel@ossbudMore ssh stuff, which you may not need for some repositories; to let them in, you also need to edit the sshd_config.cdvs0 file, and add the new account name to the list of allowed users.
[root@cdcvs0 /root]# vi /etc/sshd_config.cdcvs0 [root@cdcvs0 /root]# diff /etc/sshd_config.cdcvs0 /etc/sshd_config.cdcvs0.bak 26c26 < AllowUsers cvsuser nutevcvs e907cvs ipmcvs --- > AllowUsers cvsuser nutevcvs e907cvs [root@cdcvs0 /root]# ps -ef | grep ssh root 469 1 0 2002 ? 00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd root 26487 1 0 2002 ? 00:06:14 /usr/krb5/sbin/sshd -f /etc/sshd root 7315 1 0 Feb25 ? 00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd root 24771 24744 1 16:53 ttyp0 00:00:00 grep ssh [root@cdcvs0 /root]# ps -efw | grep ssh root 469 1 0 2002 ? 00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs1 root 26487 1 0 2002 ? 00:06:14 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs0 root 7315 1 0 Feb25 ? 00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs2 [root@cdcvs0 /root]# kill 26487; /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs0 [root@cdcvs0 /root]# ps -efw | grep ssh root 469 1 0 2002 ? 00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs1 root 7315 1 0 Feb25 ? 00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs2 root 24778 1 5 16:53 ? 00:00:00 /usr/krb5/sbin/sshd -f /etc/sshd_config.cdcvs0 [root@cdcvs0 /root]# exit Connection closed.Now we come back in as the new ipmcvs account (this is why we added ourselves to the .admin file so we can get an interactive login)
<bel-kwinth> rsh cdcvs -l ipmcvs This rlogin session is using DES encryption for all data transmissions. ... Fermilab policy and rules for computing, including appropriate use, may be found at http://www.fnal.gov/cd/main/cpolicy.html [e907cvs@cdcvs0 ipmcvs]$ cd /cvs/ipm [e907cvs@cdcvs0 ipm]$ ls [e907cvs@cdcvs0 ipm]$ cvs -d /cvs/ipm init [e907cvs@cdcvs0 ipm]$ ls CVSROOT [e907cvs@cdcvs0 ipm]$ exit Connection closed.Next we do some test cvs things with the new repository.
<bel-kwinth> cd /tmp <bel-kwinth> mkdir stuff <bel-kwinth> cd stuff <bel-kwinth> echo hello > file <bel-kwinth> cvs -d ipmcvs@cdcvs.fnal.gov:/cvs/ipm import -m log stuff fermi init <bel-kwinth> cd .. <bel-kwinth> rm -rf stuff <bel-kwinth> cvs -d ipmcvs@cdcvs.fnal.gov:/cvs/ipm co stuff This rsh session is using DES encryption for all data transmissions. cvs server: Updating stuff U stuff/file <bel-kwinth> cd stuff <bel-kwinth> ls CVS file <bel-kwinth> cvs log file This rsh session is using DES encryption for all data transmissions. RCS file: /cvs/ipm/stuff/file,v Working file: file head: 1.1 branch: 1.1.1 locks: strict access list: symbolic names: initial: 1.1.1.1 fermi: 1.1.1 keyword substitution: kv total revisions: 2; selected revisions: 2 description: ---------------------------- revision 1.1 date: 2003/03/11 22:55:33; author: mengel; state: Exp; branches: 1.1.1; Initial revision ---------------------------- revision 1.1.1.1 date: 2003/03/11 22:55:33; author: mengel; state: Exp; lines: +0 -0 =============================================================================Now some more testing, for the ssh stuff. Of course, if you didn't add ssh stuff above, don't bother testing it here...
<bel-kwinth> ssh-add Enter passphrase for mengel@fnal.gov: Identity added: /afs/fnal/files/home/room1/mengel/.ssh/identity (mengel@fnal.gov) <bel-kwinth> KRB5CCNAME=/tmp/junk <bel-kwinth> export KRB5CCNAME <bel-kwinth> klist klist: No credentials cache file found (ticket cache /tmp/junk) <bel-kwinth> CVS_RSH=/usr/krb5/bin/ssh <bel-kwinth> export CVS_RSH <bel-kwinth> cvs log file 21193: Warning: Remote host denied X11 forwarding. RCS file: /cvs/ipm/stuff/file,v Working file: file head: 1.1 branch: 1.1.1 locks: strict access list: symbolic names: initial: 1.1.1.1 fermi: 1.1.1 keyword substitution: kv total revisions: 2; selected revisions: 2 description: ---------------------------- revision 1.1 date: 2003/03/11 22:55:33; author: mengel; state: Exp; branches: 1.1.1; Initial revision ---------------------------- revision 1.1.1.1 date: 2003/03/11 22:55:33; author: mengel; state: Exp; lines: +0 -0 ============================================================================= <bel-kwinth> unset KRB5CCNAMEAnd finally, we clean up from our testing. The user probably doesn't want our "stuff" directory laying around.
<bel-kwinth> rsh cdcvs -l ipmcvs This rlogin session is using DES encryption for all data transmissions. ... Fermilab policy and rules for computing, including appropriate use, may be found at http://www.fnal.gov/cd/main/cpolicy.html [ipmcvs@cdcvs0 ipmcvs]$ cat cvshlog Tue Mar 11 17:00:43 2003 (mengel@bel-kwinth.fnal.gov) : -cvsh [kK] Tue Mar 11 17:00:50 2003 (mengel@bel-kwinth.fnal.gov) : cvs server [sS] [ipmcvs@cdcvs0 ipmcvs]$ cd /cvs/ipm [ipmcvs@cdcvs0 ipmcvs]$ rm -rf stuff [ipmcvs@cdcvs0 ipmcvs]$ exit Connection closed.