[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security features, path based authorization in subversion

From: vinay i <vinay.indresh_at_gmail.com>
Date: Fri, 22 Aug 2008 14:26:50 +0530

One more thing. I actually set permissions on a repository only to the owner
with chmod 700 to user 'svn'. Configured Authz for various users with
different read write permissions. The users are not able to access the
repository at all using svn+ssh. It always complains access denied.

On Fri, Aug 22, 2008 at 2:22 PM, vinay i <vinay.indresh_at_gmail.com> wrote:

> Ryan I did try this out though I didn't create a sinlge user. But I started
> svnserve and setup access control for users in the Autz file. When users
> used svn+ssh everythign seemed to work fine, but when they use file:/// no
> access restrictions worked. If I create a sinlge user svn how will it help
> the cause? Do you mean to say set permissions on the repository directly to
> only single user, svn. Then allow others to access the repository through
> svnserve?
>
>
> On Fri, Aug 22, 2008 at 2:11 PM, Ryan Schmidt <
> subversion-2008c_at_ryandesign.com> wrote:
>
>> So it sounds like the repository files are writable by any user. I would
>> recommend changing that so only a single user, "svn", is allowed to read and
>> write the repository files. Then, start up svnserve and require all your
>> users to access the repository using svnserve, even if they're accessing it
>> from the same machine. You can have any access restrictions you want, and
>> you remove the risk of users accidentally (or intentionally) damaging the
>> repository.
>>
>>
>>
>> On Aug 22, 2008, at 03:35, vinay i wrote:
>>
>> Hi Vishwajeet
>>> What you say makes sense. We don't have separate servers to host the
>>> repository. All users and the repository are on the same machine. Now in
>>> this case can't we configure to restrict access to some paths for a group of
>>> users.
>>>
>>> Thanks
>>> Vinay
>>>
>>>
>>> On Fri, Aug 22, 2008 at 1:23 PM, vishwajeet singh <dextrous85_at_gmail.com>
>>> wrote:
>>> Does that really make any sense; if user is logged on server he has
>>> access to all the resources of server.
>>> you can set authorization file:/// protocol and why would you like to
>>> that sounds strange to me. Authentication realm implementation for client
>>> server model only; why would you like to authenticate a user who is already
>>> logged in server with his user name and password.
>>>
>>>
>>> On Fri, Aug 22, 2008 at 1:00 PM, vinay i <vinay.indresh_at_gmail.com>
>>> wrote:
>>> Hi
>>> I tired using svnserve and apache for security features and path based
>>> authorization. But when a user has access to the server (login to the
>>> server) all these authorization fails. He can access any path within the
>>> repository by file:/// access. Does this mean these server configurations
>>> are useful only when the repository is accessed from a client host? Is there
>>> no option available which can configure path based access within the server
>>> where both repository resides and the user is logged in.
>>>
>>> Thanks
>>> Vinay
>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Vishwajeet
>>> http://www.singhvishwajeet.com
>>>
>>>
>>
>
>
> --
> I Vinay
> D E Shaw & Co
> Phone:+919000212127
>

-- 
I Vinay
D E Shaw & Co
Phone:+919000212127
Received on 2008-08-22 10:57:16 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.