[clug] exposing a CVS repository to the internet
Martin Pool
mbp at samba.org
Tue May 27 12:22:03 EST 2003
On 24 May 2003, James Ring <sjr at jdns.org> wrote:
> Hi all,
>
> I was wondering, what is the 'accepted' way of exposing a CVS repository
> to the internet (for read-only access). My CVS repository is stored on a
> fileserver on my local segment (192.168.0.0/24), and my website is
> hosted on a DMZ separated by a firewall. This firewall permits no
> connects from the DMZ to the local network.
>
> For me, the most convenient way is to allow the web server to mount a
> NFS on the fileserver through the firewall, but I am concerned that this
> will be too dangerous if somebody manages to compromise the web
> server.
I think it would be.
I would rsync from the real CVS server to the public server. Syncing
every say 5 minutes should be quite feasible.
Tridge has some code here to help you chroot the CVS server, which you
can get from here
http://pserver.samba.org/samba/cvs.html
Make sure the public server runs as an unprivileged uid that is not
able to write to its copy of the repository.
--
Martin
linux.conf.au 2004: Adelaide, Australia http://lca2004.linux.org.au/
More information about the linux
mailing list