• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 622
  • Last Modified:

CVSWEB



I am using TortoiseCVS on windows which works fine. I have cvs server on linux. I would like to setup CVSWEB to view log and other features.

I am trying to setup viewVC. I am getting the following error message.  

An Exception Has Occurred

The root "/cvsroot" is unknown. If you believe the value is correct, then please double-check your configuration.

HTTP Response Status

404 Repository not found

Here is the outpout of /var/log/messages :

Apr 13 22:44:51 viper kernel: audit(1144993491.262:0): avc:  denied  { getattr } for  pid=2481 exe=/usr/bin/python path=/var dev=dm-3 ino=2 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir
Apr 13 22:44:55 viper kernel: audit(1144993495.339:0): avc:  denied  { getattr } for  pid=2483 exe=/usr/bin/python path=/var dev=dm-3 ino=2 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir




please let me know if there is any othere that mostly use cvsweb tool available for linux.
0
raza
Asked:
raza
  • 15
  • 12
  • 2
1 Solution
 
edkim80Commented:
those errors are selinux errors.  
try to disable selinux,

'setenforce 0'

and see if your server picks it up afterwards...
you can permanently disable selinux by editing the /etc/sysconfig/selinux and set
SELINUX=disabled
0
 
razaAuthor Commented:


I am not getting this error messages after runing "setenforce 0" but I still have the same problem
0
 
razaAuthor Commented:

How do I give access to viewVC for cvsroot repository?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
edkim80Commented:
/cvsroot - is this path correct?

if so, you will have to give apache read/ (possibly write?) access to this folder.  what is the current permissions on your cvsroot folder?  you can chmod 766 this folder...

also, you should have more log messages from your httpd server... usually located in /var/log/httpd
these errors may be helpful in finding out what exactly the issue is
0
 
razaAuthor Commented:

Yes, The /cvsroot is the repository.

I would like to setup auth for login/password but before let get it working without it.

How do I give apache read/write access to /cvsroot directory.

0
 
razaAuthor Commented:

the 766 will give access to others. I would like to control it by user:group. Can I do it without giving access to others
0
 
razaAuthor Commented:

I just check with 766 giving access to /cvsroot but still get the same error messages.
0
 
NopiusCommented:
please provide:
ls -al /cvsroot
ls -ald /cvsroot
0
 
NopiusCommented:
Also it may be apache configuration problem.

The root "/cvsroot" is unknown. If you believe the value is correct, then please double-check your configuration.
HTTP Response Status
404 Repository not found

/cvsroot is relative to apache document root, not to your FS root.
0
 
razaAuthor Commented:

so, should I make a link for "/cvsroot" under "/var/www/html"

here is the out of ls:

hostname:/->ls -al /cvsroot
total 136
drwxrwx---  13 raza    cvsroot   4096 Apr 17 10:24 .
drwxr-xr-x  37 root    root      4096 Apr 13 23:23 ..
drwxrwx---   2 user1 grp1      4096 Apr  7 16:53 algo
drwxr-x---   3 raza    cvsroot   4096 Apr 13 13:15 CVSROOT
drwxrwx---   5 user2 projg2 4096 Apr 11 15:24 proj2
drwxrwxr-x   2 user3 progj3 4096 Apr 13 14:03 myproject

hostname:/->ls -ald /cvsroot
drwxrwx---  13 raza cvsroot 4096 Apr 17 10:24 /cvsroot

0
 
NopiusCommented:
so, should I make a link for "/cvsroot" under "/var/www/html" - NO, you should not, at least not now.

drwxr-x---   3 raza    cvsroot   4096 Apr 13 13:15 CVSROOT
is owned by raza:cvsroot while python is run from apache probably with nobody:nobody permissions.

Try to backup /cvsroot then chmod 777 recursive to all files, then see what happens.
If it's a permissions problem, that will work and we will go to the next step.
0
 
razaAuthor Commented:
I tired 777 and still same error message.
0
 
NopiusCommented:
try to configure root as '/cvsroot/' with leading slash.
0
 
razaAuthor Commented:
same error
0
 
NopiusCommented:
Do you run ViewVC as standalone server or as apache cgi script?
0
 
razaAuthor Commented:
I turn on the httpd service.
0
 
NopiusCommented:
try to disable SELinux completely for test purposes.
0
 
razaAuthor Commented:

ok.... now... It is working for a cvs directory where I give permission 777.

Now, how do I configure to use it without giving 777?
0
 
razaAuthor Commented:

I am also getting this error in rev, age, author column.

stat error: [Errno 13] Permission denied:
0
 
NopiusCommented:
For ViewVC read permissions for 'nobody' are enough, but they must be enabled recursively.
So try this permissions:
chmod -R 775 /cvsroot
0
 
razaAuthor Commented:

I can not set this permission. Is there a way I can set noboday to anything elase?
0
 
NopiusCommented:
you may append user 'nobody' to additional group 'cvsroot'
just edit file:
/etc/group
0
 
razaAuthor Commented:

I already have set groups...I think it may not be safe to use nobody user and group ids for cvs purpose...

Is there a way I could configur viewvc or httpd to assign a user to use instead of using nobody
0
 
NopiusCommented:
What do you mean when you say 'safe' or 'unsafe'?

Is it safe for apache user to run Python script? NO
/it doesn't matter under which user apache runs/

Is it safe for Python script to access any file in your disk? NO
/the same reason/

Is it same to allow ViewVC to access /cvs reposytory as read-only?
NO
/because it's purpose of doing that/

If you like to restrict access to python CGI script, do it in apache either by restricting IP or by using httpd authentication.



0
 
razaAuthor Commented:

No user be bealbe to check-out modules via viewvc?

I just want to make sure that I will not putting everything to public
0
 
NopiusCommented:
viewvc is a read-only application.
0
 
NopiusCommented:
so users will be able to check-out but not check-in
0
 
razaAuthor Commented:

This will not work for me. I has to have restricted access to cvs database.

All I wanted to setup is log view for tortias application.

Do recommend any app that will do?
0
 
NopiusCommented:
Any CVS viewer allows any user to see entire CVS tree with all file versions, not only logs.
If you want to restrict your users to viewing logs only, you may use apache's embedded policy mechanism.
First you need to find which parameters are passed to viewvc and what cgi scripts are executed when you are viewing logs.
Then you may use regex in <Locationmatch> section in httpd.conf to restrict access to specific commands/parameters.
Read here: http://httpd.apache.org/docs/2.2/mod/core.html#location
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

  • 15
  • 12
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now