通过 ssh 拒绝 cvs 服务器的权限
我无法通过 eclipse 将 java 项目通过互联网导入到我的 cvs 服务器上来创建新项目。
我以 root 身份创建了一个名为 /priv/cvs/ 的目录。 然后我调用“cvs -d /priv/cvs/ init”。 我创建了一个名为 cvs 的用户和一个名为 cvs 的组。 该存储库由 cvs 拥有并属于 cvs 组。
然后我创建了一个用户“ben”,他唯一的组是 cvs。 我“chroot”了用户“ben”,使其仅访问 cvs 功能,不允许使用密码通过 ssh 访问服务器,只能使用添加在服务器主目录中的文件authorized_keys2 中的公钥。
authorized_keys2 的内容如下:
no-port-forwarding,no-X11-forwarding,command="/usr/bin/cvs server" ssh-rsa [public_key_content] rsa-key
连接到服务器工作得很好。 Eclipse 要求提供私钥的密码才能连接到服务器。身份验证有效并且 eclipse 能够运行 cvs 命令。
但是,当使用“团队”->“共享项目”导入我的项目时。我收到错误:
The server reported an error: Permission denied
projectname: cvs server: cannot open /priv/cvs/CVSROOT/config: Permission denied
projectname: Cannot access /priv/cvs/CVSROOT
cvs root (/priv/cvs/) 的访问权限设置为 770。这意味着所有者(cvs)和组 cvs 的组参与者都被允许读写。
为什么我的权限被拒绝?
当我将文件夹设置为 777(这意味着读/写全部)时,它就可以工作。但我不想要那样。我只希望 cvs 用户读/写此文件夹? 我对访问规则有什么误解吗?
我忘记了一件事: /priv/cvs 中的所有文件和目录均已 chmodded 为 cvs:cvs,/priv/cvs/ 中的所有文件夹均已 chmodded 为 775(由所有人读取,由所有者/组写入)。
I cant create a new project by importing a java project via eclipse onto my cvs server via internet.
I created a directory as root called /priv/cvs/.
Then i called "cvs -d /priv/cvs/ init".
I created a user named cvs and a groups called cvs.
The repository is owned by cvs and in group cvs.
Then i created a user "ben" and his only group is cvs.
I "chrooted" the user "ben" accessing only the cvs functionality by not allowing to access the server via ssh with password, only by using a public key which is added in his home directory on the server in file authorized_keys2.
the contect of authorized_keys2 is as follows:
no-port-forwarding,no-X11-forwarding,command="/usr/bin/cvs server" ssh-rsa [public_key_content] rsa-key
Connecting to the server works pretty fine. Eclipse asks for the passphrase for the private key to connect to the server. Authentication works and eclipse is able to run cvs commands.
But when importing my project by using Team->Share Project. I get the error:
The server reported an error: Permission denied
projectname: cvs server: cannot open /priv/cvs/CVSROOT/config: Permission denied
projectname: Cannot access /priv/cvs/CVSROOT
The access right for the cvs root (/priv/cvs/) is set to 770. Which means that the owner, which is cvs and the group participants of the group cvs are allowed to read and write.
Why do i get Permission denied?
When i set the folder to 777, which means read/write to ALL, then it works. But i dont want that. I only want cvs users read/write to this folder?
Is there something i misunderstood about access rules?
One thing i forgot:
All files and directory in /priv/cvs are chmodded to cvs:cvs and all folders in /priv/cvs/ have been chmodded to 775 (read by all, write by owner/group).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Eclipse 可能正在使用非特权用户访问服务器。检查服务器日志中是否有失败的访问尝试,并使用 Eclipse 中的 CVS Repository 视图来定义对存储库的访问。
Team/Share 不是在 Eclipse 中从 CVS 进行初始签出的正确方法;它旨在让 Eclipse 从现有/工作项目目录中获取 CVS 信息。
Eclipse is probably using an unpriviledged user to access the server. Check the server logs for the failed access attempts, and use the CVS Repository view in Eclipse to define access tot he repository.
Team/Share is not the correct way to do an initial checkout from CVS in Eclipse; it is intended for Eclipse to grab CVS information from existing/working project directories.