Re: Getting exclusive access to the repository

Justin Erenkrantz jerenkrantz@apache.org writes:

 --On Thursday, January 23, 2003 9:07 PM -0500 Eric Gillespie
 epg@pretzelnet.org wrote:
 
  So chmod 0 the repo. You shouldn't have your normal web serving
  Apache user having write access to your repository anyway.
  Partitioning is good.
 
 If httpd can't write to the repository, then how would ra_dav work?

*An* httpd can write to the repository, but not your normal web
serving guy. A separate, minimalist httpd running as its own
user should be the one with write access to your repo. This is
not a new or innovative concept.

You can map this other httpd into the namespace of your normal
web server with ProxyPass, if you feel that is necessary. This
is exactly how my system was setup before i switched to ra_svn.
A minimalist httpd listened on localhost:82. Local users
accessed the repository via http://localhost:82/svn/ with no
encryption.

The public httpd listening on *:80 had these directives in the
main vhost and the SSL one:

    ProxyPass /svn http://localhost:82/svn
    ProxyPassReverse /svn http://localhost:82/svn

The main vhost had the following additional directives, to ensure
that remote write access went through https:

    Location /svn
        LimitExcept GET HEAD OPTIONS POST PROPFIND REPORT TRACE
            Order deny,allow
            Deny from all
        /LimitExcept
    /Location

--
Eric Gillespie * epg@pretzelnet.org

Build a fire for a man, and he'll be warm for a day. Set a man on
fire, and he'll be warm for the rest of his life. -Terry Pratchett

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:11:42 2006