
Re: [gmane.comp.version-control.subversion.user] Running svnserve as suid svn

From: Alan Barrett <apb_at_cequrux.com>
Date: 2005-11-15 11:09:37 CET

On Tue, 15 Nov 2005, Lars Gullik Bjønnes wrote:
> For several reasons we are required to use svn+ssh:// to access our
> svn repo, at the same time we then dislike that we must have a common
> group for all the svn users, and that the users then can muck around
> in the repo itself and create (unintentional) havoc.

You don't need to put all the users in a group that can access the
file system that contains the repository. Search for "It is also
possible to have multiple users share a single account" in the red-bean
book (http://svnbook.red-bean.com/). Then your users will access
the repository via URLs like svn+ssh://subversion@hostname/reponame/
(all users sharing the "subversion" account on the server side, but
restricted by ssh configuration so that they can only run svnserve, they
can't log in directly as the "subversion" user).

> It seems to us that a (temporal, until svnserve supports SASL/SSL)
> solution might be to make the svnserve binary suid svn.
> Is this something anyone has tried? Will it work as expected, or will
> it burn down the house?

Search the dev mailing list archives for patches from Perry Metzger to
allow svnserve to run setuid or setgid (I forget what Perry implemented,
and I don't use those patches).

--apb (Alan Barrett)

Received on Tue Nov 15 11:10:52 2005

This is an archived mail posted to the Subversion Dev mailing list.
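
The ssh restriction described in the reply, as an added example that is not part of the original message: a Python check over the shared account's `authorized_keys` that flags any key not pinned to `svnserve -t` with forwarding and PTY allocation disabled. The key material, user names and `/srv/svn` path are constructed placeholders; the option names are standard OpenSSH `authorized_keys` options and `--tunnel-user` is svnserve's own flag.

```python
import os, re, shlex
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?')
LOCKDOWN = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
# Constructed sample: key material, user names and /srv/svn are placeholders.
SAMPLE = '''\
# authorized_keys of the shared "subversion" account
command="svnserve -t --tunnel-user=alice",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAC3placeholder alice
command="/usr/bin/svnserve -t -r /srv/svn --tunnel-user=bob",restrict ssh-ed25519 AAAAC3placeholder bob
command="svnserve -t",no-pty ssh-rsa AAAAB3placeholder carol
ssh-ed25519 AAAAC3placeholder dave
'''

def parse_options(line):
    """Return the leading options field of one authorized_keys line as a dict."""
    opts, pos = {}, 0
    if re.match(r"(ssh|ecdsa|sk)-", line):   # starts with a key type: no options
        return opts
    while (m := OPTION.match(line, pos)):
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        pos = m.end()
        if line[pos:pos + 1] != ",":
            break
        pos += 1
    return opts

def audit(text):
    """Map line number -> findings for keys not pinned to svnserve tunnel mode."""
    report = {}
    for num, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        opts, found = parse_options(line), []
        cmd = shlex.split(opts.get("command", ""))
        if "command" not in opts:
            found.append("no forced command: key is not limited to svnserve")
        elif not cmd or os.path.basename(cmd[0]) != "svnserve" or "-t" not in cmd:
            found.append("forced command is not 'svnserve -t'")
        elif not any(a.startswith("--tunnel-user") for a in cmd):
            found.append("no --tunnel-user: commits are not attributed per key")
        missing = set() if "restrict" in opts else LOCKDOWN - set(opts)  # "restrict" implies all four
        if missing:
            found.append("missing " + ", ".join(sorted(missing)))
        if found:
            report[num] = found
    return report

if __name__ == "__main__":
    for num, found in audit(SAMPLE).items():
        print(f"line {num}: " + "; ".join(found))
```
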