[clug] exposing a CVS repository to the internet

Martin Pool mbp at samba.org
Tue May 27 12:22:03 EST 2003

On 24 May 2003, James Ring <sjr at jdns.org> wrote:
> Hi all,
> I was wondering, what is the 'accepted' way of exposing a CVS repository 
> to the internet (for read-only access). My CVS repository is stored on a 
> fileserver on my local segment (, and my website is 
> hosted on a DMZ separated by a firewall. This firewall permits no 
> connects from the DMZ to the local network.
> For me, the most convenient way is to allow the web server to mount a 
> NFS on the fileserver through the firewall, but I am concerned that this 
> will be too dangerous if somebody manages to compromise the web
> server.

I think it would be.

I would rsync from the real CVS server to the public server.  Syncing
every, say, 5 minutes should be quite feasible.

Tridge has some code here to help you chroot the CVS server, which you
can get from here


Make sure the public server runs as an unprivileged uid that is not
able to write to its copy of the repository.


linux.conf.au 2004: Adelaide, Australia         http://lca2004.linux.org.au/
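
The setup suggested in the reply above, sketched as an added example (not part of the original post and not Tridge's code): the internal CVS server pushes a copy to the public server, and an audit on the public server confirms the serving uid cannot modify that copy. Host names, paths, the sync account and the function names are assumptions.

```shell
#!/bin/sh
# Added example. All hosts, paths and account names are placeholders.

# push_repo SRC DEST
# Run from cron on the internal CVS server (for instance every 5 minutes).
# The connection goes internal -> DMZ, so the firewall rule that blocks
# connections from the DMZ to the local network can stay as it is.
push_repo() {
    src=$1; dest=$2
    # -rltp without -o/-g: files end up owned by the receiving sync account,
    # which must differ from the uid that serves CVS to the public.
    # --chmod=go-w strips group/other write bits from what is transferred.
    rsync -rltp --delete --chmod=go-w -e ssh "$src/" "$dest/"
}

# audit_repo DIR SERVE_UID
# Run on the public server. Prints every entry the serving uid could modify
# because it owns it or because it is world-writable, and returns 1 if any
# exist. Group membership and ACLs are not examined here.
audit_repo() {
    dir=$1; serve_uid=$2
    bad=$(find "$dir" \( -user "$serve_uid" -o \( ! -type l -perm -002 \) \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage (placeholders):
#   sh cvs-mirror.sh push  /srv/cvsroot syncuser@public.example.org:/srv/cvsroot
#   sh cvs-mirror.sh audit /srv/cvsroot cvspublic
case "${1:-}" in
    push)  push_repo "$2" "$3" ;;
    audit) audit_repo "$2" "$3" ;;
esac
```

Running the audit from cron after each sync, and alerting on a non-zero exit, catches a permission change that would give a compromised CVS daemon write access to the published copy.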
