Provided by: cvstrac_2.0.1-3_amd64

NAME

       cvstrac - Low-ceremony bug tracker for projects under CVS

SYNOPSIS

       cvstrac [ command [ params ... ] ... ]

DESCRIPTION

       The cvstrac command is used to run the CVSTrac web service, or to initialise new databases for projects.

       Please  read the section titled Security and Setup for details of the default password and why you should
       change it.

       This manual page was written for the Debian distribution because the original program source does not
       contain a manual page. However, CVSTrac is well documented at the CVSTrac Wiki,
       <http://www.cvstrac.org/cvstrac/wiki>, and you will be able to find more up-to-date information there.

OPTIONS

       Running cvstrac without options produces a usage message. A summary of the command sequences which can be
       passed to cvstrac is included below. For more details, see /usr/share/doc/cvstrac on this system.

       chroot dir user
              Tells  cvstrac  to put itself into the chroot gaol dir and switch to the named user, dropping root
              privileges. These three parameters must be the first passed to cvstrac, and processing of  command
              line parameters continues as normal after the chroot.

       init dir project
              Initialises  a  new  CVSTrac  database.   dir  is  the name of the directory in which you want the
              database to reside, and project is the name of the project  that  CVSTrac  will  be  hosting.  The
              database file will be created as dir/project.db

       The  following parameters cause CVSTrac to begin responding to HTTP requests by various methods. You will
       need to set up the database before use to ensure that only authorised users have  administrative  access.
       PLEASE  READ  and  understand  the section below entitled Security and Setup before using these commands,
       because unless you understand what to do you'll be leaving  your  system  vulnerable  to  arbitrary  code
       execution as the user invoking CVSTrac.

       http dir [ project ]
              Causes CVSTrac to run as an HTTP server that reads requests from standard input and writes
              responses to standard output. dir should be the name of a directory holding the project database
              or databases created by cvstrac init, and project is the name of a project database without the
              ".db" extension, as for cvstrac init. If project is given, access is restricted to just the named
              project DB, and the access URL will change slightly. See below for details.

       cgi dir [ project ]
              Causes  CVSTrac  to respond as a CGI script.  dir and project are interpreted as for cvstrac http.
              This invocation can be installed into a simple shell or Perl  CGI  script  anywhere  on  a  server
              supporting the Common Gateway Interface.

       server port dir [ project ]
              Causes  CVSTrac  to  run  as a self-hosted HTTP server on the specified port.  dir and project are
              interpreted as above.

Access to CVSTrac

       CVSTrac accesses databases created by its own init command, and is accessed remotely by HTTP. If you  did
       not  specify  a  single  project  to access in any of the http, cgi, or server commands, then the running
       CVSTrac instance can be used to access any database in that directory simply by modifying  the  URL,  but
       you will need to supply the name of the database in order to access it.

       For  self-hosted server instances of CVSTrac, and http instances started from inetd, the URL to use is of
       the form

              http://hostname[:port]/

       if you specified a project in the invocation, or

              http://hostname[:port]/project/

       if you didn't.

       If running as a CGI script, simply use the URL you would normally  use  for  the  CGI  script,  with  the
       project name you wish to access tacked on if necessary, as above.

       For details of the default password, and why you should change it, read on!

Security and Setup

       Once CVSTrac is installed and running, you should immediately access it as the setup user, and change the
       password.  The  username  and  password  of  the  setup  user  are  both   "setup".   Passwords,   rather
       counterintuitively, are changed by following the "Logout" hyperlink at the bottom of the main menu on the
       start screen.

       The setup user is able, in normal operation, to configure the service in a way that can  cause  arbitrary
       code  to  be  executed under the same userid as CVSTrac itself. You should be aware of this, and the fact
       that this can easily lead to more serious exploits if the setup user is compromised.

       The chroot functionality described above is not a perfect fix for this, but can be used as an  additional
       security  measure.  See  the section below entitled Runtime Dependencies for details of what binaries the
       chroot gaol will need.

Access to the CVS repository

       CVSTrac should run as a user with read access to the CVS repository specified during the interactive
       setup. Certain features, such as the ability to modify CVSROOT/passwd, require write permission too.

Runtime Dependencies

       Besides its libraries, CVSTrac requires the following binaries by default: co, rcsdiff,  rlog  and  diff.
       If  running  cvstrac  on  a  Debian system, these will have been installed as dependencies of the cvstrac
       package, or as part of the base system.
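
       The following shell functions are an added example, not part of the cvstrac package: they copy the
       four helper binaries listed above, with their shared libraries, into a chroot gaol and report any
       that are still missing. The function names, the searched bin directories and the reading that paths
       given after "chroot dir user" are resolved inside the gaol are assumptions of this example.

```shell
#!/bin/sh
# Added example: fill a cvstrac chroot gaol with the helper binaries named
# under Runtime Dependencies. Function names and paths are assumptions.
CVSTRAC_HELPERS="co rcsdiff rlog diff"

# Copy one file into the gaol at the same absolute path, following symlinks.
gaol_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# Copy a helper found on PATH plus every shared library ldd reports for it.
gaol_add_binary() {
    gaol=$1
    bin=$(command -v "$2") || { echo "not installed: $2" >&2; return 1; }
    case $bin in /*) ;; *) echo "not a file: $2" >&2; return 1 ;; esac
    gaol_copy "$gaol" "$bin" || return 1
    # Absolute paths appear as whole fields in ldd output; a static binary
    # yields none, so the loop simply does not run.
    ldd "$bin" 2>/dev/null |
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
    while read -r lib; do
        if [ ! -e "$gaol$lib" ]; then gaol_copy "$gaol" "$lib"; fi
    done
}

# Print each helper that is not executable inside the gaol (none = ready).
gaol_missing() {
    gaol=$1; shift
    [ $# -gt 0 ] || set -- $CVSTRAC_HELPERS
    for name in "$@"; do
        found=no
        for d in /usr/local/bin /usr/bin /bin; do
            if [ -x "$gaol$d/$name" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$name"; fi
    done
}

# Build the launch line: "chroot dir user" must come first. Assumption: the
# database directory that follows is resolved inside the gaol after chroot.
gaol_launch_cmd() {   # args: gaol user port dbdir project
    echo "cvstrac chroot $1 $2 server $3 $4 $5"
}
```

       Run gaol_add_binary once per helper, confirm gaol_missing prints nothing, then start cvstrac as root
       with the line from gaol_launch_cmd so that it can enter the gaol and drop to the named user.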

SEE ALSO

       The CVSTrac wiki http://www.cvstrac.org/cvstrac/wiki and /usr/share/doc/cvstrac/examples on this system.

AUTHOR

       This manual page was written by Andrew Chadwick <andrewc@piffle.org>, for  the  Debian  GNU/Linux  system
       (but may be used by others).