Subject: Re: OT: recommendation for vm tuning for anoncvs mirror?
To: None <>
From: Jeff Rizzo <>
List: netbsd-users
Date: 02/27/2005 20:10:21
Thor Lancelot Simon wrote:

>On Sat, Feb 26, 2005 at 05:07:02PM -0800, Jeff Rizzo wrote:
>>I'm talking about the CVSREADONLYFS env variable that (for example) 
>>OpenBSD's cvs seems to support, and that I think I saw mention of in the 
>>cvs 1.12.X distribution, but does not appear to be in NetBSD's cvs 
>>1.11.17.  It's quite possible (even likely) that I'm just missing 
>>something, but I can't get things to work unless I set LockDir to a 
>>writeable directory in CVSROOT/config.
>You're missing the "-u" flag to cvs server.

Ah, nice.  Even nicer if it was in the documentation.  :)

>You may find the attached program useful.  It is a login shell for
>an unprivileged 'anoncvs' user, but should be setuid 'checkout'.
>The idea is that, inside your chroot, you run the sshd as an
>unprivileged user (you can use systrace to allow it to bind port
>22 on the appropriate IP address, or use ipf to translate port 22
>on the appropriate address to some high port that it can bind without
>using root privs at all), "anoncvs".  This means that
>your chroot should have spwd.db copied over pwd.db in /etc and
>so forth so that all the password stuff works for a non-root user;
>this way you have no process in the chroot running as root *at all*.

Thanks, I was originally using a more recent version of anoncvssh from 
OpenBSD, but I think I prefer the changes you've made to it.  Now that 
I've gotten everything repartitioned and separated on disks as you 
recommended, the machine is _much_ happier under the testing load I've 
put on it.  (I still haven't tweaked vfs_bio, though)

If anyone else would like to test it out, it's now publicly accessible 
- I'd appreciate any feedback on its performance or problems it may 
have.  (ssh only for the moment - pserver is giving me trouble and I'm 
not entirely comfortable with it) Set your CVSROOT to:

Thanks for all the help and feedback.