We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

CVSWEB

raza
raza asked
on
Medium Priority
693 Views
Last Modified: 2012-08-14


I am using TortoiseCVS on windows which works fine. I have cvs server on linux. I would like to setup CVSWEB to view log and other features.

I am trying to setup viewVC. I am getting the following error message.  

An Exception Has Occurred

The root "/cvsroot" is unknown. If you believe the value is correct, then please double-check your configuration.

HTTP Response Status

404 Repository not found

Here is the outpout of /var/log/messages :

Apr 13 22:44:51 viper kernel: audit(1144993491.262:0): avc:  denied  { getattr } for  pid=2481 exe=/usr/bin/python path=/var dev=dm-3 ino=2 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir
Apr 13 22:44:55 viper kernel: audit(1144993495.339:0): avc:  denied  { getattr } for  pid=2483 exe=/usr/bin/python path=/var dev=dm-3 ino=2 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir




please let me know if there is any othere that mostly use cvsweb tool available for linux.
Comment
Watch Question

Commented:
those errors are selinux errors.  
try to disable selinux,

'setenforce 0'

and see if your server picks it up afterwards...
you can permanently disable selinux by editing the /etc/sysconfig/selinux and set
SELINUX=disabled

Author

Commented:


I am not getting this error messages after runing "setenforce 0" but I still have the same problem

Author

Commented:

How do I give access to viewVC for cvsroot repository?

Commented:
/cvsroot - is this path correct?

if so, you will have to give apache read/ (possibly write?) access to this folder.  what is the current permissions on your cvsroot folder?  you can chmod 766 this folder...

also, you should have more log messages from your httpd server... usually located in /var/log/httpd
these errors may be helpful in finding out what exactly the issue is

Author

Commented:

Yes, The /cvsroot is the repository.

I would like to setup auth for login/password but before let get it working without it.

How do I give apache read/write access to /cvsroot directory.

Author

Commented:

the 766 will give access to others. I would like to control it by user:group. Can I do it without giving access to others

Author

Commented:

I just check with 766 giving access to /cvsroot but still get the same error messages.
Artysystem administrator
Top Expert 2007

Commented:
please provide:
ls -al /cvsroot
ls -ald /cvsroot
Artysystem administrator
Top Expert 2007

Commented:
Also it may be apache configuration problem.

The root "/cvsroot" is unknown. If you believe the value is correct, then please double-check your configuration.
HTTP Response Status
404 Repository not found

/cvsroot is relative to apache document root, not to your FS root.

Author

Commented:

so, should I make a link for "/cvsroot" under "/var/www/html"

here is the out of ls:

hostname:/->ls -al /cvsroot
total 136
drwxrwx---  13 raza    cvsroot   4096 Apr 17 10:24 .
drwxr-xr-x  37 root    root      4096 Apr 13 23:23 ..
drwxrwx---   2 user1 grp1      4096 Apr  7 16:53 algo
drwxr-x---   3 raza    cvsroot   4096 Apr 13 13:15 CVSROOT
drwxrwx---   5 user2 projg2 4096 Apr 11 15:24 proj2
drwxrwxr-x   2 user3 progj3 4096 Apr 13 14:03 myproject

hostname:/->ls -ald /cvsroot
drwxrwx---  13 raza cvsroot 4096 Apr 17 10:24 /cvsroot

Artysystem administrator
Top Expert 2007

Commented:
so, should I make a link for "/cvsroot" under "/var/www/html" - NO, you should not, at least not now.

drwxr-x---   3 raza    cvsroot   4096 Apr 13 13:15 CVSROOT
is owned by raza:cvsroot while python is run from apache probably with nobody:nobody permissions.

Try to backup /cvsroot then chmod 777 recursive to all files, then see what happens.
If it's a permissions problem, that will work and we will go to the next step.

Author

Commented:
I tired 777 and still same error message.
Artysystem administrator
Top Expert 2007

Commented:
try to configure root as '/cvsroot/' with leading slash.

Author

Commented:
same error
Artysystem administrator
Top Expert 2007

Commented:
Do you run ViewVC as standalone server or as apache cgi script?

Author

Commented:
I turn on the httpd service.
Artysystem administrator
Top Expert 2007

Commented:
try to disable SELinux completely for test purposes.

Author

Commented:

ok.... now... It is working for a cvs directory where I give permission 777.

Now, how do I configure to use it without giving 777?

Author

Commented:

I am also getting this error in rev, age, author column.

stat error: [Errno 13] Permission denied:
Artysystem administrator
Top Expert 2007

Commented:
For ViewVC read permissions for 'nobody' are enough, but they must be enabled recursively.
So try this permissions:
chmod -R 775 /cvsroot

Author

Commented:

I can not set this permission. Is there a way I can set noboday to anything elase?
Artysystem administrator
Top Expert 2007

Commented:
you may append user 'nobody' to additional group 'cvsroot'
just edit file:
/etc/group

Author

Commented:

I already have set groups...I think it may not be safe to use nobody user and group ids for cvs purpose...

Is there a way I could configur viewvc or httpd to assign a user to use instead of using nobody
Artysystem administrator
Top Expert 2007

Commented:
What do you mean when you say 'safe' or 'unsafe'?

Is it safe for apache user to run Python script? NO
/it doesn't matter under which user apache runs/

Is it safe for Python script to access any file in your disk? NO
/the same reason/

Is it same to allow ViewVC to access /cvs reposytory as read-only?
NO
/because it's purpose of doing that/

If you like to restrict access to python CGI script, do it in apache either by restricting IP or by using httpd authentication.



Author

Commented:

No user be bealbe to check-out modules via viewvc?

I just want to make sure that I will not putting everything to public
Artysystem administrator
Top Expert 2007

Commented:
viewvc is a read-only application.
Artysystem administrator
Top Expert 2007

Commented:
so users will be able to check-out but not check-in

Author

Commented:

This will not work for me. I has to have restricted access to cvs database.

All I wanted to setup is log view for tortias application.

Do recommend any app that will do?
system administrator
Top Expert 2007
Commented:
Any CVS viewer allows any user to see entire CVS tree with all file versions, not only logs.
If you want to restrict your users to viewing logs only, you may use apache's embedded policy mechanism.
First you need to find which parameters are passed to viewvc and what cgi scripts are executed when you are viewing logs.
Then you may use regex in <Locationmatch> section in httpd.conf to restrict access to specific commands/parameters.
Read here: http://httpd.apache.org/docs/2.2/mod/core.html#location

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.