[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve privilege changing/dropping command line options patch

From: John Peacock <jpeacock_at_rowman.com>
Date: 2005-04-26 14:00:49 CEST

Tom Rune Flo wrote:
> The following patch will add two command line options to svnserve,
> allowing users who run svnserve as a stand alone daemon to drop
> privileges to a user specified uid and gid. (-u uid -g gid)

Something to remember is that svnserve has two very different uses:

1) a long running service (supporting the svn:// protocol);
2) a once-off session for shared local access (when supporting the svn+ssh://
protocol, which is just a fancy way to use file:// remotely).

Given that, and the profusion of ways to wrap the first mode, it doesn't seem
quite so elegant to enable svnserve to set it's own uid/gid. FWIW, I tend to
run all of my services under daemontools[1], so I wrap svnserve like this
(lightly munged for "security"):

#!/bin/sh
exec 2>&1
setuidgid svn \
svnserve --daemon \
    --listen-host=##.##.##.## \
    --foreground \
    --root /home/svn/repos

As soon as svnserve starts logging something interesting, I can use multilog[2]
to keep an appropriately large/small set of log files for debugging purposes
without filling up my partition.

John

1) http://cr.yp.to/daemontools.html
2) http://cr.yp.to/daemontools/multilog.html

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 26 13:57:14 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.