On Tue, 15 Nov 2005, Lars Gullik Bjønnes wrote:
> For several reasons we are required to use svn+ssh:// to access our
> svn repo, at the same time we then dislike that we must have a common
> group for all the svn users, and that the users then can muck around
> in the repo itself and create (unintentional) havoc.
You don't need to put all the users in a group that can access the
file system that contains the repository. Search for "It is also
possible to have multiple users share a single account" in the red-bean
book (http://svnbook.red-bean.com/). Then your users will access
the repository via URLs like svn+ssh://subversion@hostname/reponame/
(all users sharing the "subversion" account on the server side, but
restricted by ssh configuration so that they can only run svnserve; they
can't log in directly as the "subversion" user).
> It seems to us that a (temporal, until svnserve supports SASL/SSL)
> solution might be to make the svnserve binary suid svn.
> Is this something anyone has tried? Will it work as expected, or will
> it burn down the house?
Search the dev mailing list archives for patches from Perry Metzger to
allow svnserve to run setuid or setgid (I forget what Perry implemented,
and I don't use those patches).
--apb (Alan Barrett)
Received on Tue Nov 15 11:10:52 2005
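
Added example, not part of the message above or of the Subversion book: a shell helper that builds the authorized_keys entries for the shared "subversion" account, so each key is pinned to svnserve in tunnel mode and cannot get a shell or forwarding. The svnserve path, the /srv/svn repository root, the user names and the key material are assumptions made for illustration.

```shell
#!/bin/sh
# Build ~subversion/.ssh/authorized_keys lines for a shared svn+ssh account.
# Assumed values (not from the original message):
SVNSERVE=/usr/bin/svnserve   # assumed location of svnserve
SVNROOT=/srv/svn             # assumed parent directory of the repositories
# Options that stop a key being used for anything but the forced command.
RESTRICT='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
NL='
'

# svn_authkeys_line USER "PUBLIC KEY LINE"
# Prints one authorized_keys line, or returns 1 if the input is unsafe.
svn_authkeys_line() {
    user=$1
    pubkey=$2
    # The user name is embedded inside command="...", so accept only a
    # conservative character set: no quotes, spaces or newlines.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "bad user name" >&2; return 1 ;;
    esac
    # A submitted key must be a single line...
    case $pubkey in
        *"$NL"*) echo "multi-line key for $user" >&2; return 1 ;;
    esac
    # ...and must start with a key type, so that it cannot carry its own
    # options field (for example a different command="...").
    case $pubkey in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key for $user" >&2; return 1 ;;
    esac
    # --tunnel-user records the real author in commits even though every
    # connection runs as the shared account; -r confines URLs to SVNROOT.
    printf 'command="%s -t --tunnel-user=%s -r %s",%s %s\n' \
        "$SVNSERVE" "$user" "$SVNROOT" "$RESTRICT" "$pubkey"
}

# Constructed sample key (not a real key), printed as it would be appended
# to the shared account's authorized_keys file.
svn_authkeys_line lars "ssh-ed25519 AAAAC3constructedSampleKey lars@example.org"
```

Because the forced command replaces whatever the client asks to run, the shared account's password and shell can stay locked; with -r in place, client URLs are relative to the assumed root (svn+ssh://subversion@hostname/reponame/).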