[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN reads passwd file regardless of connection mode (SSH)

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2004-04-10 02:26:07 CEST

On Fri, 2004-04-09 at 19:51, Ben Collins-Sussman wrote:
> Greg Hudson wrote:
> > On Thu, 2004-04-08 at 21:12, James Dunne wrote:
> >
> >>SVN reads passwd file no matter what auth mode is used. svn+ssh:// incorrectly
> >>checks passwd file since SSH users are already considered authorized. Then,
> >>authorized users are denied if the permissions for passwd file are too high.

> Greg, he's talking about svnserve's own "users" file here.

Oh! Well, some clarifications, then:

  * It's the "password file." Unlike Unix, we don't use the
slightly-abbreviated form to define that file.

  * With svn+ssh, the client isn't considered "authorized" to start
with; the client is offered a choice of authenticating using EXTERNAL
(which doesn't require providing any additional credentials). So we
still need the password file just as much as we do for regular old
svnserve, since the client is allowed to authenticate with a password
(although our implementation never chooses to).

That said, I can see the utility in having a repository accessed via
both regular svn:// and by svn+ssh://, and with the password file
unreadable by the svn+ssh users. So I'll make a patch which catches
EPERM errors from the svn_config_read() of the password file and treats
them as if no password file was specified.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Apr 10 02:26:32 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.