CVSUSER - Password Management for CVS


Home Page
Downloading and Installing
User Documentation
Developer Resources

Other Stuff:

Chilli: A Memorial


This documentation applies to the 0.10 beta and 0.20 beta releases of cvsuser.

cvsuser Commands:

Most commands are setup to support both administration of a local CVS password file and remote access using the cvsuserd daemon (discussed below). Local access must normally be forced using the switch local <path> which directs cvsuser to modify the password file located at /CVSROOT/passwd as well as the readers and writers file and other files maintained by cvsuser/cvsuserd. The cvsroot <cvsroot_string> switch commands cvsuser to modify files at the remote server specified by the cvsroot string. The format of the CVSROOT string should match that of the $CVSROOT environment variable used by CVS, including the leading :pserver:. The login <password> switch may optionally be used to specify the login password. the port <port> switch may be used to force cvsuser to use a port other port 2402. The login and port switches are only accepted when communicating with a remote cvsuserd daemon. If neither the cvsroot switch nor the local switch is specified on the command line, cvsuser will look for the $CVSROOT environment variable. If this variable is defined, cvsuser will use this environment variable to determine the location of a remote cvsuserd daemon. If this environment variable is not specified, then cvsuser will look for an CVS archive at /home/cvs.

The common switches cvsroot, local, and login may use any of the substitutions listed:

 cvsroot:  -d  --cvsroot 
 local:  -z  --local 
 login:  -g  --login 
 port:  -t  --port 

Note that local access to a CVS archive using cvsuser while the cvsuserd daemon is managing this same archive will cause unpredictable results. This issue can be circumvented by using the remote access feature with the hostname localhost. cvsuser switches may be specified in any order and may precede or follow the command. This allows for automatic inclusion of switches on the command line using the bash alias command within the .bashrc login script.

cvsuser/cvsuserd supports 5 basic commands:

cvsuser add

The add command adds users to the CVS password file. Users may be added with administrator access rights, developer access rights, or restricted access rights. Administrator access rights allows a user to add and remove users at will, list all the users in the password file and change any user's password. Developer access rights allows a user to change his/her password only. Restricted access (neither administrator or developer) has no access to the CVS password file. Users may be given read-only or read-write access rights using the readonly or writable switches on the command line. If not specified, read-only access is assumed (unless the default is changed in defaults.h) To provide fine control of access rights, the user's system account may be specified using the account switch. The password switch may be used to specify the new user's login password. If no specified, cvsuser will prompt for a password unless the nopassword switch is specified. Note that the nopassword switch is provided primarily to setup anonymous accounts and is disable when accessing a remote cvsuserd daemon.

  cvsuser add <user> [ readonly | writable ]
                     [ developer | administrator ]
		     [ account <system account> ]
		     [ password <password> | nopassword ]
		     [ cvsroot <cvsroot string> [ login <login password ] |
                     [ port <port> ] | local <archive path> ]

Each switch may use any of the substitutes listed if desired:

 add:  -a  --add 
 readonly:  -o  --readonly  read_only  --read_only 
 writable:  -w  --writable  writeable  --writeable 
 developer:  -e  --developer 
 account:  -s  --account  system_account  sysaccount  --sysaccount  --system_account 
 password:  -p  --password  pw  --pw 
 nopassword:  -np  --no_password  no_password  --no_password  nopw  --nopw  no_pw  --no_pw 

cvsuser change

The change command changes a user's CVS login password in the CVS password file. At this time, no other user parameters can be changed. Administrators can change any user's password while developers are only allowed to change their password. The nopassword switch is only accepted when modifying a local CVS password file.

  cvsuser change <user> [ password <password> | nopassword ]
		        [ cvsroot <cvsroot string> [ login <login password ] |
                        [ port <port> ] | local <archive path> ]

Each switch may use any of the substitutes listed if desired:

 password:  -p  --password  pw  --pw 
 nopassword:  -np  --no_password  no_password  --no_password  nopw  --nopw  no_pw  --no_pw 

cvsuser help

This command displays a short list of supported commands and their optional switches. No other action is performed.

  cvsuser help

Each switch may use any of the substitutes listed if desired:

 help:  -h  -?  --help 

cvsuser list

The list command generates a list of users, their access rights, system account and read-only/read-write status. Below is an example output showing the format:

  Connected to
  administrator cvsadmin writeable  administrator
  anonymous     cvs      read-only  restricted
  joevoncoder   cvs      writeable  developer
  paulhsmith    cvs      writeable  developer

Command syntax is:

  cvsuser list [ cvsroot <cvsroot string> [ login <login password ] |
               [ port <port> ] | local <archive path> ]

cvsuser remove

The remove command removes a user from the CVS password file (any any other associated files).

  cvsuser remove <user> [ cvsroot <cvsroot string> [ login <login password ] |
                        [ port <port> ] | local <archive path> ]

Private Key

cvsuser/cvsuserd use a weak encryption scheme (although its much stronger than that used by CVS itself) to encrypt commands sent by the cvsuser client to the cvsuserd daemon and the generated reply. This encryption scheme requires a private key which must be stored in the file .cvsuser in the user's home directory. This file contains a list of cvsroot strings followed by the key for the server. Note that the key starts at the first non-space character and ends at the end of line and therefore may inadvertantly be wrong due to trailing spaces, tabs, etc. All lines beginning with an pound sign are comments and are ignored. Below is an example file. Spaces before the cvsroot string and pound-sign are ignored.

  # This is the cvsuser key file, which should be placed in the
  # user's home directory using the name ".cvsuser".  Note to be careful
  # about tabs or trailing whitespace at the end of the key as these characters
  # are included in the key.
  # This is the key for hackerworld      Yet another private key And even another private key


To add an administrator account for the user admin to a local archive with the password Pizza, you would use the following command:

  cvsuser add admin password Pizza administrator writable account cvsadmin local /home/cvs

To change the current password for Tom on the server pointed to by the current $CVSROOT environment variable the command would be:

  cvsuser change Tom

For user admin with password "password123" to remove user "Tom" from a CVS archive at with a CVS directory set to /home/cvs, the command would be:

  cvsuser remove Tom cvsroot login password123


The cvsuserd daemon is a server for cvsuser clients. This daemon may be used either stand alone (launched as part of the rc3 or rc5 init process or launched by rc.local) or in conjunction with inetd/xinetd super-daemons. Currently, the cvsuserd daemon can operate on only one CVS archive, although multiple cvsuserd daemons can be spawned and bound to different ports in cases where one server has multiple, independent CVS archives. If demand exists, this limitation may be addressed.


Currently the build process places cvsuserd into /usr/bin. For security reasons, the program may be manually moved into /usr/sbin after the install completes. Be sure to suid cvsuserd to give is read/write access the the CVS archive's attic (CVSROOT directory). The exact settings are implementation specific and need to be addressed on a case-by-case basis.

The cvsuserd daemon will create a logfile at /var/log/cvsuserd.log (the log can be redirected to stdout using the --console switch described below). Be sure to adjust access rights to allow cvsuserd to write to this location. This is most easily done by creating the log file and setting its access rights using the command sequence:

  touch /var/log/cvsuserd.log
  chown cvsuser /var/log/cvsuserd.log
  chgrp cvsgroup /var/log/cvsuserd.log
  chmod 660 /var/log/cvsuserd.log

Change the cvs username and cvs user's group based on your system configuration.

Before starting the cvsuserd daemon, create a system administrator using the cvsuser add command described above using the local access mode. Once cvsuserd starts, cvsuser can not reliably modify these files (cvsuserd will ignore the changes and overwrite the files). To create an administrator named admin with password Pencil with the cvs password file located at /home/cvs/CVSROOT/passwd, the command would be:

  cvsuser add admin password Pencil administrator writable account cvsuser local /home/cvs

Note that the above command presumes the system account "cvsuser" should be used for administrator accesses.

To force the system to automatically start cvsuserd on boot using the rc3/rc5 init process, create a file called cvsuserd in the /etc/init.d directory of your system which contains the following:

  # Script to startup the cvsuserd daemon.

    case "$1" in
        echo -n "Starting cvsuserd"

        /usr/sbin/cvsuserd -k -v -a /home/cvs -m "Connected to" &
          echo -n "Shutting down cvsuserd"
	  killall cvsuserd
         $0 stop
         $0 start
         echo "Usage: $0 {start|stop|restart}"
         exit 1

    exit 0

To tell the system to start the daemon on boot, enter the following commands to create the appropriate symbolic links:

  ln -s /etc/init.d/cvsuserd /etc/init.d/rc3.d/S99cvsuserd
  ln -s /etc/init.d/cvsuserd /etc/init.d/rc5.d/S99cvsuserd

You can manually start the daemon by:

  /etc/init.d/cvsuserd start

And stop the daemon by:

  /etc/init.d/cvsuserd stop


 -a <path>:  --allow_access <path>  --access <path> 

This switch specifies the location of the CVS archive to manage. The default location is /home/cvs. This switch is almost always required.

 -h:  -?  --help 

This switch commands cvsuserd to display helpful information and exit. All other switches are ignored.

 -k  --keepalive  --keep_alive 

To support inetd/xinetd superdaemons, cvsuserd will timeout and exit after 30 seconds of inactivity. This switch tells cvsuserd to remain active indefinitely, even with no activity. Note that cvsuserd can support simultaneous concurrent sessions so xinetd is not needed to spawn multiple instances of the daemon (in fact, only allow one instance to run at a time).

 -m <message>:  --message <message> 

This switch changes the welcome text to display when a cvsuser client connects to this server. Messages containing spaces should be included within quotes.

 -n <server name>:  --name <server name> 

Normally cvsuserd ignores the hostname included on the cvsroot string passed by the client. This switch informs cvsuserd to compare the hostname specified by this switch against the hostname included in the cvsroot string sent by the client.

 -p <port>:  --port <port> 

This switch commands cvsuserd to bind to a port other than port 2402.

 -v  --verbose 

Enables verbose logging of activity. This switch will make the log file much longer, but may provide additional usefl information about the type of activity occuring.

 -c:  --console 

This switch tells cvsuserd to dump all log data to the console rather than to /var/log/cvsuserd.