[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: SVN+SSH access not advisable

From: Bert Huijben <bert_at_vmoo.com>
Date: Fri, 25 Jul 2008 13:20:08 +0200

> -----Original Message-----
> From: Marko Käning <mk362_at_mch.osram.de> [mailto:=?ISO-8859-
> 1?Q?Marko_K=E4ning_<mk362_at_mch.osram.de>?=]
> Sent: vrijdag 25 juli 2008 13:08
> To: Paul Koning
> Cc: users_at_subversion.tigris.org
> Subject: Re: SVN+SSH access not advisable
>
> > That doesn't sound right. What exactly does it say, and where does
> it
> > say it? I can't find anything like this.
>
> Well, see Chapter six of the 1.4 SVN book on page 144:
>
> <qote>
> If you have an existing infrastructure heavily based on SSH accounts,
> and
> if your users already have system accounts on your server machine, then
> it
> makes sense to deploy an svnserve-over-ssh solution. Otherwise, we
> don't
> widely recommend this option to the public. It's generally considered
> safer to have your users access the repository via (imaginary) accounts
> managed by svnserve or Apache, rather than by full-blown system
> accounts.
> If your deep desire for encrypted communication still draws you to this
> option, we recommend using Apache with SSL instead.
> </quote>
>
> My users must be members of a certain group. This groups gets full
> write
> access to the corresponding repository files. So everything (seems) to
> work fine. Perhaps it only seems so?
>
> Perhaps I read the above in a wrong way: it is not recommended, but
> perhaps it doesn't mean that it is forbidden...

It is not forbidden, but: Theoretically every user has the
file-access-rights to destroy the entire repository (or alter history,
circumvent hooks)
Worst case: You lose your repository if a user (or virus) misbehaves
(Probably even worse: Someone changes subversion history without leaving a
trace)

The recommended setups use 'separation of rights' to provide only repository
access to the repository.
Worst case: All files in the repository are deleted, but all history is
preserved (And a few 'svn cp' commands restore everything, preserving
history)

        Bert

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-26 06:29:53 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.