[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Write Permission on repository may encourage UNIX user to tamper with repository (SSH)

From: Ben Collins-Sussman <sussman_at_red-bean.com>
Date: Thu, 15 May 2008 09:34:39 -0500

In the future, please send usage questions to
users_at_subversion.tigris.org. This list is about the development of
Subversion itself.

To solve your problem, read this section in the book:
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks

Or, if you want far far less hassle, don't use svn+ssh://, but just
plain svn:// instead. (Or even try https:// ).

On Thu, May 15, 2008 at 5:56 AM, Sachidanand Shukla <shukla.68_at_gmail.com> wrote:
> Hi,
>
>
> I am a clearcase administrator with NCR Corp. and am currently persuing
> migration of Clearcase code to SVN.
> I am using svn+ssh to access repositories on Windows clients and server is
> on Solaris box.
> my problem is that i create a login for user on solaris box and ask him to
> access repository from Windows client, but as user has access to solaris box
> also (as his login is created there and repositories also reside there) he
> can temper with repositries because he belongs to the group to which
> repository belongs.
> i tried a lot but could not succeed in protecting it.
> I have configured svnserv (text file) to mask the repository path amnd URL
> does not disclose full path, but even then....
> i tried
> 1. Restricted shell
> 2. chroot is not possible as server is being used by other teams also
> 3. changed .profile etc etc.
> but all in vain.
>
> please suggest some way to solve this problem
>
> Sachidanand Shukla

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-15 16:34:56 CEST

This is an archived mail posted to the Subversion Dev mailing list.