cvs + xinetd setgid problem

[Dan Barrett]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,
I'm trying to run a cvs respository on my Gentoo box.  I've got xinetd 
running, with the cvspserver config (/etc/xinetd.d/cvspserver) looking like 
so:

service cvspserver
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = cvs
        group           = cvs
        log_type        = FILE /var/log/cvspserver
        protocol        = tcp
        env             = HOME=/var/cvsroot
        log_on_failure  += USERID
        port            = 2401
        server          = /usr/bin/cvs
        server_args     = -f --allow-root=/var/cvsroot pserver
}


Nothing special.  Meanwhile, /etc/xinetd.conf looks like this:

defaults
{
        only_from      = localhost
        instances      = 60
        log_type       = SYSLOG authpriv info
        log_on_success = HOST PID
        log_on_failure = HOST
        cps            = 25 30
}

Great -- everything is locked down just the way I need it.  I can login just 
fine using `cvs login`, but when I execute any other command (for instance, 
an initial import into the new repository), metalog shows me this:

[cvs] setgid to 100 failed (Operation not permitted): real 1005/415, effective 
1005/415

So cvs is trying to setgid to the "users" group, even though the calling user 
(me) has newgrp'ed to the "coders" group:

uid=500(barretda) gid=411(coders)

According to /etc/xinetd.d/cvspserver, the cvs binary should be running as 
user cvs, group cvs.  What am I missing?

Best,
d.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAO5U/sIjNiQTGkXARAnEMAJwOk+mbkhufwdazicWc9iXpFPdeUwCfcG/4
S0h8ohyu5rzfIRLUI32MhC0=
=pnLl
-----END PGP SIGNATURE-----