I am writing this to bug-cvs as well as bugzilla, as I do not wnow who's
actually concerned. Also, it might be an inetd bug rather than a CVS bug.
If so, I excuse myself for bothering anybody.

RedHat 6.1, cvs version 1.10-6.

This bug is actually very closely related to RH 6.1 #5893, which was
resolved with WONTFIX status. However #5893 applies only if pserver
is run as root. I wanted to run cvs pserver as a normal user anyway.
However, whenever a different user (i.e. not the one pserver is running as)
tries to do any CVS operation, this is the outcome:

$ cvs checkout Madmacs
setuid failed: Operation not permitted
cvs [checkout aborted]: authorization failed: server whisky rejected access

The line in inetd.conf reads:
cvspserver stream tcp nowait martin /usr/bin/cvs cvs \
--allow-root=/data/cvs pserver

"martin" is the user owning the repository /data/cvs.

If "martin" in inetd.conf is replaced by "root", the behaviour is
as described in bug #5893:
$ cvs checkout Madmacs
cvs server: cannot open /root/.cvsignore: Permission denied
cvs [server aborted]: can't chdir(/root): Permission denied

The same configuration (with user "martin") works perfectly on RedHat 5.2
(cvs 1.10-2), which is my current workaround.