[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Using Subversion's apache server for more than Subversion

From: Scott Lamb <slamb_at_slamb.org>
Date: 2002-09-09 17:17:28 CEST

Jeff Stuart wrote:
> Ok, next stupid question. :D
>
> The httpd that I create that will house the repository for SVN can that be
> used for normal web hosting? IE the machine I'm thinking of using for the
> repository will also be used for big brother monitoring, etc... IE just a
> devel/utility server. So I'd LOVE to have the one httpd proc handle both SVN
> requests and NORMAL requests. Is this possible/doable/advisable?

Yeah. I do this. Subversion just wants a <Location> somewhere within
your Apache config.

You've gotta keep security in mind when you do it, though. It's common
to have dynamic content stuff running stuff as the Apache user. If you
have virtual hosting, this means users can do whatever they want to your
Subversion repository, since it must be writable by the Apache user. Or,
in your specific case, if there are exploitable bugs in the dynamic
stuff you are running. There are several things you can do:

- CGIs: enable suexec
- mod_perl, mod_python, mod_snake, mod_ruby: ???
There's a perchild MPM in Apache to help this problem, but it's
experimental.
- mod_php: enable safe_mode (needs a patch, I can send it to you)
- Java servlets: run as a different user than Apache and/or use the
JVM's security constraints.

-- 
Scott Lamb
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Sep 9 17:18:29 2002

This is an archived mail posted to the Subversion Dev mailing list.