Archive for July, 2007

Access control in ViewVC

July 25th, 2007

ViewVC (www.viewvc.org), a popular web-based frontend to CVS and SVN, has no access control mechanism, nor does CVS. As a result, when using ViewVC, anyone who can see the web page can browse, download, and view files in the entire CVS repository. While I initially loved this, as I used CVS only for GPL’d projects and snippets of useful code, after a while I decided to put some admin scripts in CVS. Most of them aren’t really sensitive, but provide a bit more of a look at the workings of my systems than I had hoped.

I tried unsuccessfully to implement Apache Auth on the URL. After sitting around for a while, I hit upon a wonderfully simple (yes, inelegant) solution.

Because ViewVC runs as a CGI script, it runs as the user and group of the webserver – in my case, user ‘www’ and group ‘wwwrun’. How to protect one directory in the repository from being viewed with ViewVC? Well, the CVS user ‘cvsuser’ runs as a member of group ‘users’. My main username, ‘jantman’, owns all of the files in the repo. As a result, the only permissions required for CVS to run correctly, and for all local users to use it, are for the directories in the repository to be owned by some user and the group ‘users’, with both user and group having rx permissions on the directory (and, obviously, the user at least should have rwx).

To protect a given directory/module “foo” in your cvsroot from being viewed under ViewVC:

  • Make sure the directory is owned by someuser and group ‘users’.
  • chmod -R o-rwx foo – no permissions at all for ‘other’

As your web server (and, therefore, the CGI script viewvc.cgi) runs as user ‘www’ and group ‘wwwrun’, it cannot access the directory ‘foo’ at all. When you attempt to view the file listing or any file in ViewVC, you get a read error (incorrect permissions).

A kludge? Yes. Are there ways around it? Yes. But it gets the job done, and allows me to continue using my existing infrastructure.
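The scheme above only works as long as every sensitive module actually has its ‘other’ bits stripped, and that is easy to lose track of when new modules get added. The following script is an added example (not code from the original post or from ViewVC) that applies the chmod step to a module and audits a CVSROOT for modules that are still browsable by ‘other’. It assumes the layout described in the post: the tree is owned by some user and the group ‘users’, and the web server runs as www:wwwrun, which is not a member of ‘users’. The directory names and the demo tree it builds are constructed for illustration only.

```shell
#!/bin/sh
# Added example, not from the original post: audit a CVSROOT for modules that
# the web server identity (assumed www:wwwrun, not in group 'users') can still
# read. The post's scheme relies purely on the 'other' permission bits, so that
# is exactly what this script inspects.

# Print the three 'other' permission characters of a path, e.g. "r-x" or "---".
# ls -ld is used instead of stat(1) because stat's flags differ between GNU and BSD.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# Print "yes" if 'other' can both read and traverse the directory, which is what
# ViewVC needs to produce a file listing; otherwise print "no".
other_can_browse() {
    case "$(other_bits "$1")" in
        r?x) echo yes ;;
        *)   echo no ;;
    esac
}

# List every top-level module under a CVSROOT that is still browsable by 'other'.
# One module name per line; empty output means everything is locked down.
audit_cvsroot() {
    for mod in "$1"/*/; do
        mod=${mod%/}
        [ -d "$mod" ] || continue
        if [ "$(other_can_browse "$mod")" = yes ]; then
            basename "$mod"
        fi
    done
}

# The post's second step applied to one module: no permissions at all for 'other'.
lock_module() {
    chmod -R o-rwx "$1"
}

# Constructed demo tree (not a real repository) so this runs anywhere without root.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/public/sub" "$demo_root/adminscripts/sub"
chmod 755 "$demo_root/public" "$demo_root/public/sub"
chmod 755 "$demo_root/adminscripts" "$demo_root/adminscripts/sub"
lock_module "$demo_root/adminscripts"
echo "modules still visible to 'other':"
audit_cvsroot "$demo_root"    # only 'public' should be listed
rm -rf "$demo_root"
```

Run it against the real tree with `audit_cvsroot /path/to/cvsroot` after sourcing the functions. Note what it does not check: it assumes the web server user is outside group ‘users’ (confirm with `id www`), and it only inspects the top-level module directory, relying on `chmod -R` having been used so that nothing underneath is more permissive than its parent.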

Tech HowTos

Update

July 14th, 2007

I haven’t been too active on here lately, mainly due to spending my summer as a paid transport EMT, working 50 hours a week or so, and still trying to keep up on “life”.

I have a few things planned for the next month or so of summer, so stay tuned. Some of them include:

  • Redesign of my site including lots of information that’s been stored away in text files, and a new wiki for technical information.
  • Some embedded development work, and notes on that.
  • Converting some sort of low-cost handheld computer, tablet, or eBook reader for use as a Linux-based RSS reader (updated over LAN nightly and cached locally), hopefully including an image of my software as well as some conduit to an RSS reader program, and the ability to email a list of “flagged” articles on sync (RSS update over network).
  • A vast update of my Code Repo with most of my home-grown F/OSS programs, including my (very basic) web-based budget/finance program.
  • An update to PHP EMS Tools.
  • Notes on my experience with MythTV, and integrating it with IR controls, a Cablevision SA set-top box, and ultimately a “smart room”.
  • My never-ending quest to find a way to interface a CDMA handset to a computer for purposes of sending SMS from the command line (Nagios out-of-band alerts on a budget).
  • A trial run of Asterisk and VoIP from the house to the dorm.
  • Some more projects including:
    • Finding and implementing a hardware/software trouble- and change-tracking system, which will also integrate with my Wiki.
    • Choosing bug tracking software for my internal projects.
    • Choosing and implementing a network-wide backup system to handle *nix, Windows, and my remote *nix machines.
    • OpenSolaris.
    • Figuring out a system to handle automated nightly/weekly tasks on my diverse machines including log analysis, backups, software updates, and the usual stuff (SpamAssassin updates and training and other routine tasks).
    • A status tracker/to-do list of my numerous projects.
    • Releasing most of my web-based kludges under GPL for anyone who may be interested.

EMS, Projects