Is there a way to disable the cvs init command for the cvsd daemon?

Question

Is there a way to prevent users from doing 'cvs init'?

'cvs init' creates a new repository. The doc says it is a safe operation on an existing repository, since it does not overwrite any files. But the problem is, administrative files in CVSROOT will be changed.

For example, we have a CVSROOT/loginfo script that mails commit info to a mailing group. After doing cvs init on that repo, it is replaced by a 'clean' version.

We use cvs 1.12.13 on a linux box running as stand-alone server and connect mostly from windows using the pserver protocol.

Setting the rights in CVSROOT didn't help, because the cvsd daemon runs as root. (It needs to incorporate into the executing user).

Problem is, that some users not so familiar with cvs tried 'cvs init' instead of 'cvs import' to create a new module.

Answer 1

I'm assuming that you have sysadmin authority over the machines. You could provide a wrapper around the real CVS binary to prevent certain commands from running and store this wrapper in such a way that it gets picked up before the real CVS. It's a bit of a hack but in a pinch, it would work:

#!/bin/bash

REAL_CVS=/usr/bin/cvs

case $1 in
  init)
  echo "The use of $1 is restricted. Contact your CVS administrator"
  exit 1
esac

$REAL_CVS $*`

An other option would be to recompile the CVS client to disable the init command. Take a look at:

http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/client.c?revision=1.483&view=markup

It would be trivial to modify this function to print out something.

void
send_init_command (void)
{
    /* This is here because we need the current_parsed_root->directory variable.  */
    send_to_server ("init ", 0);
    send_to_server (current_parsed_root->directory, 0);
    send_to_server ("\012", 0);
}