This package contains two programs: chrootsh and keycopy. Both are helper programs for the CVS repository configuration described at http://gophernet.org/articles/cvs.html chrootsh is a restricted, chrooting shell program, and keycopy is provided to allow users to copy ssh keys into the home directories for their cvs account. For more information on how to use these in a complete CVS system, see the above article. BUILDING keycopy uses PAM for authentication, and as such links to libpam. It has been tested using Linux-PAM and OpenPAM, but other PAM libraries should work as well. Both chrootsh and keycopy contain a few builtin constants to avoid the problems of securely and reliably reading configuration file at runtime. The paths, especially, will likely need to be changed to suit your system, so take a look at chrootsh.h and keycopy.h and tune as desired. Once you have configured everything as desired, both chrootsh and keycopy can be built by running 'make'. The CC, CFLAGS, and LDFLAGS variables may be of interest. To build only keycopy or only chrootsh, use 'make keycopy' or 'make chrootsh'. INSTALLING The keycopy command can be installed by running 'make install'. Be sure to change the prefix, bindir, and DESTDIR variables if the defaults are not desirable. keycopy must be installed setuid root in order to change UIDs to the target user. keycopy uses PAM for authentication, so an entry will need to be added to your /etc/pam.conf file (or /etc/pam.d/keycopy). Something along the lines of the following is probably appropriate: keycopy auth required pam_unix.so keycopy account required pam_unix.so There is no session component, since no session is being opened, and there is no password component since allowing users to update authentication tokens could permit vandalism of accounts for which the password is well-known, such as anonymous CVS accounts. The chrootsh command is not installed by the Makefile. It should be installed setuid root (in order to chroot) in the bin directory of your CVS-chroot area. USING Neither of these tools are particularly useful outside of a CVS environment similar to the one described in http://gophernet.org/articles/cvs.html. See that document for more information.