Administration of virtual repositories with cvs passwd

Users of your virtual repository are listed in the `CVSROOT/cvspasswd' file which is managed by cvs passwd command, see section passwd--manage the `CVSROOT/cvspasswd' file. This file replaces the old `CVSROOT/passwd' and `CVSROOT/users' files. It contains the following colon-separated fields:

• CVS user name;
• hashed password;
• system-user[.system-group]
  system username and groupname on CVS-server machine. `cvs-nserver' switches to this user and group after successful authentication; if system-group is not specified CVS-server will switches to the primary group of system-user;
• user e-mail for notification, section Telling CVS to notify you.
• various administrator-supplied information about user (so-called GECOS field);
• account status ("Enabled", "Disabled", "Expires DD-MM-YYYY") (TODO).

The `CVSROOT/cvspasswd' should be owned by the repos1admin user and accessible only by that user (mode 600).

CVS-server will get password from Vasya's CVS-client, compare it with the password stored in `CVSROOT/cvspasswd' and switch to group repos1group and user repos1user. So CVS will be able to access `/repos1' and will let Vasya to work in this repository.

You can manage `CVSROOT/cvspasswd' remotely or even let someone else do it. For example, create CVS-account for john@company.com and associate this account with system user repos1admin:

# cvs -d /repos1 passwd -a cvsadmin -m john@company.com -u repos1admin
# cvs -d /repos1 passwd -e cvsadmin

Now if John will successfully login to your repository, he will have write access to `cvspasswd' file and will be able to do commands like this remotely over the network (again formatted to fit the screen):

# cvs -d :pserver:repos1admin@machine.yourdomain.net:/repos1
      passwd -a alice -m alice@company.com -u repos1user.repos1group
Enter password for user alice: ********
Enter password for user alice again: ********

# cvs -d :pserver:cvsadmin@machine.yourdomain.net:/repos -e alice
Enabling user alice

You now have to create users that would have remote access to the repository. Use something like this (formatted to fit the screen):

        # cvs -d :local:/repos passwd -a vasya  \
               -m vasya@somewhere.net -u repos1user.repos1group 

        Enter CVS password for user vasya:
        Enter CVS password for user vasya again:

        # cvs -d :local:/repos passwd -e vasya
        Enabling user vasya

If you'll look at `/repos/CVSROOT/cvspasswd', you will see there line like this:

vasya:$1$pAsSwOrD.:repos1user.repos1group:vasya@somewhere.net::Enabled

When vasya will try to login into your repository, he will use command like this:

$ cvs -d vasya@machine.yourdomain.net:/repos1 login
(logging in to vasya@machine.yourdomain.net)
CVS password: 
320 This is CVS nserver 1.10.7 at machine.yourdomain.net
220 Welcome to /repos1, vasya!

If there is an anonymous user in `CVSROOT/cvspasswd' then remote users wishing to anonymously access repository would be prompted to give their e-mail address as a password. This address is not currently used (TODO!) but could be logged.

Go to the first, previous, next, last section, table of contents.