Re: Using svnserve securely

From: Sebastian Tennant <sebyte_at_gmail.com>
Date: Tue, 26 Feb 2008 17:24:01 +0200

Quoth John Peacock <john.peacock_at_havurah-software.org>:
> Sebastian Tennant wrote:
>> Hi list,
>>
>> How to deploy svnserve securely _and_ provide local read/write access to
>> a repository at the same time.
>>
>> _Feedback most welcome_.
>
> Here's my feedback: don't do this!

Cool.

> Local users don't need read/write access to the repository (using
> file://) and in fact it is a bad idea to give them access.

Are you saying that /usr/bin/svn commands, issued locally from within a
working copy ('svn ci -m "test" test.file' for example) effectively have
write permission to the repository regardless of the repository
directory's file permissions?

> Just use a server process that owns the repository files exclusively
> and have the local users access the repo exactly like the remote users
> - via the server process. Whether you use svnserve or Apache, it is
> much more robust and secure to have the repository unavailable via
> file:// completely.

I did consider this but I couldn't think how to actually do it in
practice. Some (newbie level) examples of how this is achieved would be
much appreciated.

> My 2 cents

Invaluable.

Sebastian

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-02-26 16:30:27 CET

This message: [ Message body ]
Next message: pieter de troyer: "Re: build problems"
Previous message: Reedick, Andrew: "RE: Restricting Check-Out Function"
In reply to: John Peacock: "Re: Using svnserve securely"
Next in thread: John Peacock: "Re: Using svnserve securely"
Reply: John Peacock: "Re: Using svnserve securely"
Reply: Toby Thain: "Re: Using svnserve securely"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]