On Fri, 2004-04-09 at 19:51, Ben Collins-Sussman wrote:
> Greg Hudson wrote:
> > On Thu, 2004-04-08 at 21:12, James Dunne wrote:
> >
> >>SVN reads passwd file no matter what auth mode is used. svn+ssh:// incorrectly
> >>checks passwd file since SSH users are already considered authorized. Then,
> >>authorized users are denied if the permissions for passwd file are too high.
> Greg, he's talking about svnserve's own "users" file here.
Oh! Well, some clarifications, then:
* It's the "password file." Unlike Unix, we don't use the
slightly-abbreviated form to define that file.
* With svn+ssh, the client isn't considered "authorized" to start
with; the client is offered a choice of authenticating using EXTERNAL
(which doesn't require providing any additional credentials). So we
still need the password file just as much as we do for regular old
svnserve, since the client is allowed to authenticate with a password
(although our implementation never chooses to).
That said, I can see the utility in having a repository accessed via
both regular svn:// and by svn+ssh://, and with the password file
unreadable by the svn+ssh users. So I'll make a patch which catches
EPERM errors from the svn_config_read() of the password file and treats
them as if no password file was specified.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Apr 10 02:26:32 2004