[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

adding to svnserve a new mode for ascertaining the tunnel_user.

From: Omri Schwarz <ocschwar_at_MIT.EDU>
Date: 2006-12-14 05:00:35 CET

Hi, all.

I have repositories that I would like to serve over both https and svn+ssh.
Since they are owned by the Apache user, I would like to make svnserve a
setuid binary (Apache's uid is sufficiently un-privileged for my concerns)
and have it set the tunnel_user variable to be the value of getuid() when
it detects this configuration (which is when getuid() differs from geteuid()).

That would be a simple way to take care of identification and authentication
and then move on to authorization. It also sidesteps the need for public keys
if your shop is using GSSAPI for SSH anyway.

So before I do this, I should ask, is there anything particularly wrong
with that approach? And if not, how do I do this cleanly enough for y'all
to consider taking my patch?

--Omri Schwarz

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Dec 16 10:34:18 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.