summaryrefslogtreecommitdiff
path: root/development/cvsd/README
diff options
context:
space:
mode:
Diffstat (limited to 'development/cvsd/README')
-rw-r--r--development/cvsd/README27
1 files changed, 27 insertions, 0 deletions
diff --git a/development/cvsd/README b/development/cvsd/README
new file mode 100644
index 0000000000..248327f3cf
--- /dev/null
+++ b/development/cvsd/README
@@ -0,0 +1,27 @@
+cvsd is a wrapper program for cvs in pserver mode. it will run 'cvs pserver'
+under a special uid/gid in a chroot jail.
+
+cvsd is run as a daemon and is controlled through a configuration file. It is
+relatively easy to configure and provides tools for easy setting up a chroot
+jail.
+
+This server can be useful if you want to run a public cvs pserver. You should
+however be aware of the security limitations of running a cvs pserver. If you
+want any kind of authentication you should really consider using secure shell
+as a secure authentication mechanism and transport. Passwords used in cvs
+pserver are transmitted in plain text.
+
+This wrapper adds a layer of security to the cvs server. cvs is a very
+powerful tool and is capable of running scripts and other things. Running cvs
+in a chroot jail it is possible to limit the amount of "damage" cvs can do if
+it is exploited. It is generally a good idea to run cvsd without any write
+permissions to any directory on the system.
+
+Features of cvsd include:
+ * running in chroot jail
+ * configuring chroot jail
+ * running under a non-root uid
+ * set a nice value
+ * limit resource usage
+ * limit number of connections
+ * relatively easy to set up