adding to svnserve a new mode for ascertaining the tunnel_user.

From: Omri Schwarz <ocschwar_at_MIT.EDU>
Date: 2006-12-14 05:00:35 CET

Hi, all.

I have repositories that I would like to serve over both https and svn+ssh.
Since they are owned by the Apache user, I would like to make svnserve a
setuid binary (Apache's uid is sufficiently un-privileged for my concerns)
and have it set the tunnel_user variable to be the value of getuid() when
it detects this configuration (which is when getuid() differs from geteuid()).

That would be a simple way to take care of identification and authentication
and then move on to authorization. It also sidesteps the need for public keys
if your shop is using GSSAPI for SSH anyway.

So before I do this, I should ask, is there anything particularly wrong
with that approach? And if not, how do I do this cleanly enough for y'all
to consider taking my patch?

--Omri Schwarz

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Dec 16 10:34:18 2006

This message: [ Message body ]
Next message: Steve Bakke: "File permissions behavior change from 1.2.3/1.3.0 to 1.4.x"
Previous message: Kamesh Jayachandran: "RE: [PATCH] fix the compile error introduced at r22716 in merge-tracking branch"
Next in thread: Max Bowsher: "Re: adding to svnserve a new mode for ascertaining the tunnel_user."
Reply: Max Bowsher: "Re: adding to svnserve a new mode for ascertaining the tunnel_user."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]