This is the documentation to set up a new CVS repository using the CvsNt software. In our setup we have a top level repository with "sub-repositories" for each customer beneath that. Employees log into the master repository, customers log into their specific repository. This needed to be done because CVS requires "list" permissions in the root directory or it pukes and we didn't want customers to be able to see each other's directories. -- AdamShand
Introduction
The main purpose of moving to CvsNt was to allow the application engineers to have decent levels of control over their repositories. Because of the dynamic nature of their interaction with customers, their CVS needs are quite different than the majority of our other CVS users.
The AE CVS server lives in a domain called DOMAIN. Since this is a different domain than our main Domain, new user accounts must be created in order to gain access to the CVS repositories. With this setup there are two ways of controlling access to repositories with our CvsNt configuration.
- Using Repositories
Each company that we work with gets their own repository. The repository will have a directory path of /cvsroot/CUSTOMER. This means that each company can only access from that point and lower in the directory hierarchy.
- Using File Permissions
File permissions are what do the majority of the security work. Because all users belong to the same domain (both external employees and customers) technically any user can log into any repository. What stops this from happening is file permissions. In order to log in to a CVS repository the user must have the ability to read the CVSROOT/* files, and we set the permissions so that each customer can only read their own files.
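Because the isolation between customers rests on the folder permissions alone, it is worth checking them from time to time. The PowerShell below is an added example, not part of the original procedure: it reports customer groups with rights on the top-level folder, company folders granted to a domain-wide principal, and folders carrying more than one "cvsgrp_" group. The path and the group prefix come from this page; the list of broad principals and the skipped CVSROOT folder are assumptions.

```powershell
# Added example: audit customer isolation under the repository root.
# The path and the "cvsgrp_" prefix come from this page; the list of broad
# principals and the skipped CVSROOT folder are assumptions.
$RepoRoot = 'C:\repositories\cvsroot'
$Broad    = 'Everyone', 'Authenticated Users', 'Users', 'Domain Users'

function Get-AllowedIdentity {
    param([string]$Path)
    # Names, without the DOMAIN\ prefix, of every principal holding an Allow ACE.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { ($_.IdentityReference.Value -split '\\')[-1] } |
        Sort-Object -Unique
}

function New-Finding {
    param($Folder, $Principal, $Issue)
    [pscustomobject]@{ Folder = $Folder; Principal = $Principal; Issue = $Issue }
}

$findings = @()

# A grant on the top-level folder can be inherited by every company folder.
foreach ($name in Get-AllowedIdentity $RepoRoot) {
    if ($name -like 'cvsgrp_*') {
        $findings += New-Finding $RepoRoot $name 'customer group has rights on the root'
    }
}

foreach ($dir in Get-ChildItem -LiteralPath $RepoRoot -Directory) {
    if ($dir.Name -eq 'CVSROOT') { continue }   # master repository's admin files
    $allowed = @(Get-AllowedIdentity $dir.FullName)

    # Every account is in the same domain, so a domain-wide grant exposes the
    # folder to all customers.
    foreach ($name in $allowed | Where-Object { $Broad -contains $_ }) {
        $findings += New-Finding $dir.FullName $name 'granted to a domain-wide principal'
    }

    $groups = @($allowed | Where-Object { $_ -like 'cvsgrp_*' })
    if ($groups.Count -gt 1) {
        $findings += New-Finding $dir.FullName ($groups -join ', ') 'more than one customer group'
    }
}

$findings | Format-Table -AutoSize
```

An empty table means none of the three conditions was found; it does not check which group belongs to which company, since the page only fixes the "cvsgrp_" prefix.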
Maintenance Tasks
Connecting to the CVS Server
In order to manage users, groups and repositories you need to log into the CVS server.
Make sure that you have the Terminal Services client for Windows installed (if you don't, you can download it from the intranet: http://pix6/generalsoftware/Microsoft/Terminal%20Services/).
Use the dialog box to connect to SERVER.
Log into SERVER. Make sure that you have the "Domain" set to "DOMAIN" and that you use the username and password for this domain rather than your normal username and password.
- Do whatever work you need to do.
- Log off (it's important that you log off rather than just closing the window). Also be careful that you don't shut down the computer instead of logging off.
Adding a new Employee
All employees have privileged access to the CVS repository and can see all company repositories with a single log in. To create a new account:
Go to "Start - Programs - Administrative Tools - Active Directory Users and Computers".
Right click on "Users" and select "New - User" and finish the wizard (make sure their name matches their existing NT account name).
Find their name in the right hand panel, right click on it and select "Properties - Member Of".
Add them to the "cvsae" group.
Once created they should be able to log in with this CVSROOT (where USER is their username):
:pserver:USER@cvs.domain.com:/cvsroot
Setting up a New Company and Repository
When we start collaboration with a new customer and need a CVS repository set up, here's what you do.
Go to "Start - Settings - Control Panel - CVS for NT".
Select the "Repositories" tab and click on "Add".
Type C:/repositories/cvsroot/COMPANY (where COMPANY is the name of the new company) and click "OK". Note: It is important that you use forward slashes (ie. /) instead of the normal Windows backslashes (ie. \).
Click "Yes" when it asks you if you want to create it.
Select the "Service Status" tab and stop and start the "CVS Service".
Go to "Start - Programs - Administrative Tools - Active Directory Users and Computers".
Right click on "Users" and select "New - Group". Please start the group name with "cvsgrp_" as this makes it more obvious what is what later. If you aren't sure what to do please look at the existing groups for examples. Click "OK".
In explorer browse to C:\repositories\cvsroot.
Right click on the folder which matches the name of the repository you have already created and select "Properties".
Select the "Security" tab.
Click "Add" and find the group you created earlier in the list that pops up.
Select the group and click "OK".
While making sure that the group name you just added is still selected in the "Name" box, select the "Allow" tick box on the line that has "Modify" and click "OK".
You are now ready to add users for that company.
Adding a User
Before you can add a user's account, their company repository and group need to already exist. If they don't, please do that first.
Go to "Start - Programs - Administrative Tools - Active Directory Users and Computers".
Right click on "Users" and select "New - User" and finish the wizard.
Find their name in the right hand panel, right click on it and select "Properties - Member Of".
- Add them to the group which corresponds to their company.
Once created they should be able to log in with this CVSROOT (where USER is their username and COMPANY is the name of the repository you just created):
:pserver:USER@cvs.domain.com:/cvsroot/COMPANY
Resetting a User's Password
If a user has forgotten their password or needs it changed for security reasons (eg. someone else knows their password) you can change their password by:
Go to "Start - Programs - Administrative Tools - Active Directory Users and Computers".
Click on "Users" and find their username in the right panel.
Right click on their username and select "Reset Password" and then finish the wizard.
Enabling or Disabling a User's Account
If you wish to disable an account:
Go to "Start - Programs - Administrative Tools - Active Directory Users and Computers".
Click on "Users" and find their username in the right panel.
Right click on their username and select "Disable Account".
To enable a disabled account do the same thing only choose "Enable Account". You will be able to tell if the account is disabled by the red circle with an X in it before their name.
Removing a Company's Access
Most of the time you won't want to actually remove a repository, you will just want to revoke a company's ability to access it.
In explorer browse to C:\repositories\cvsroot.
Right click on the folder which matches the name of the repository you have already created and select "Properties".
Select the "Security" tab.
Select each group in the "Name" box which starts with "cvsgrp_" and click "Remove".
Click "OK".
Removing a User
When a user no longer works for the company or is no longer working on a project their account should be removed:
Go to "Start - Programs - Administrative Tools - Active Directory Users and Computers".
Click on "Users" and find their username in the right panel.
Right click on their username and select "Delete".
Administrative Notes
Terminal services supports a maximum of two simultaneous connections. Make sure that you log out when you are done. Also, make sure that you log out instead of shutting down the server.
Currently in order to reach the CVS server you must be VPN'd into our network. This means that you are either at the Portland, Toronto, San Jose, Tokyo or Taipei offices or are using a VPN client on your computer to connect. Later access will be provided by the stunnel wrapper.
- For security purposes it's crucial that each company has their own repository. If for some reason there is a non-employee that needs access to multiple repositories you can add them to multiple customer/company groups.
- Passwords are set to automatically expire every three months. This is an attempt to stop customer accounts lingering on forever.
Do not make changes directly to the CVS files unless you are sure you know what you are doing. It is much safer to make any changes you need via CVS.
With version > 2.0 the maximum number of repositories is 1024 (unlimited if you edit the registry by hand). Note that in older versions the limit was 64 repositories.