I was just about to say the same thing, but I'd like to add some
comments about general strategy when dealing with IT departments that
don't seem to know what they are doing.
The last place I worked had one. They had certain mandates that got in
the way of doing business. If you can show your boss, or the IT bosses,
that doing it 'ther way' may slow down production or make the system not
work as efficiently as it could, then that's the angle you have to take.
If IT is percieved as a roadblock to getting product out on time, etc.,
they'll be forced to learn what it is that SCM does and will be better
suited to support you, which is a Good Thing(tm).
-Matt
-----Original Message-----
From: Ryan Schmidt [mailto:subversion-2005@ryandesign.com]
Sent: Thursday, August 04, 2005 8:41 AM
To: Simon Timms
Cc: Subversion List
Subject: Re: Limits on use of the file scheme
On 04.08.2005, at 16:00, Simon Timms wrote:
>> If your admins are happy with serving files they should be happy
>> with serving 'web pages' to the same set of clients.
>
> They aren't. It thier minds they have accepted the security risk that
> is running file shares but they have not accepted the risk that is
> running apache or svnserve.
>
> [snip]
>
> I know right now they are
> very worried about who can administer the repository via svnadmin. Is
> there any way to limit who can use the svnadmin command?
Making the repository available via Apache or svnserve does not give
away additional access via svnadmin. svnadmin, it so happens,
requires that the repository be specified using a local filesystem
path; it does not accept URLs of any kind as a means to identify a
repository. So in order to use svnadmin, you must have a shell
account on the Subversion server.
If you currently offer file:/// access to the repository, that means
you're granting any and all access via svnadmin too. By installing
apache or svnserve and turning off the file:/// access, you would
limit svnadmin access to only those people who have shell accounts
and write permission to the repository files. So I think using
svnserve or apache would be an increase in security for you, not a
decrease as your admins seem to believe.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
**********************************************************************
E-mail sent through the Internet is not secure. Western Asset therefore recommends that you do not send any confidential or sensitive information to us via electronic mail, including social security numbers, account numbers, or personal identification numbers. Delivery, and or timely delivery of Internet mail is not guaranteed. Western Asset therefore recommends that you do not send time sensitive or action-oriented messages to us via electronic mail.
**********************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 4 18:21:12 2005