
Questions Re. Appendix G. Securing Svnserve using SSH

From: Jeff <jsbmsu_at_gmail.com>
Date: Wed, 16 Jul 2008 07:49:53 -0700 (PDT)

Referring to the how-to located here:
http://tortoisesvn.net/docs/nightly/TortoiseSVN_en/tsvn-ssh-howto.html

1) Am I to understand that this method is intended to support multiple
SVN users by using a single account rather than placing all users into
a common user group on the server, and setting the mess of
permissions? That is, in order to avoid something like...
$ mkdir repos/
$ chgrp yetanothersvngroup repos/
$ chmod g+s repos/
$ svnadmin create repos/
$ chmod -R ug+rwX repos/

2) Regarding the public key setup discussed in the how-to:
http://tortoisesvn.net/docs/nightly/TortoiseSVN_en/tsvn-ssh-testing-tsvn.html

a) Does this setup (using the command="..." in the authorized_keys
file) mean that all users will only be able to use the svnuser account
for public-key, non-interactive login, which is further restricted to
invoking the command supplied as command="..."?

b) We have multiple logical groups (senior design teams, research
groups, class project groups) in my academic department, and would
like to restrict each group to a specific repository or set of
repositories. If we have a separate directory for each group's
repository or set of repositories, can <ReposRootPath> be used to
strictly enforce this group-level access while still having everyone
log in via svnuser?

And if a user belongs to more than one logical group, would we just
need an additional line in authorized_keys for each group to which
he/she belongs, with a different corresponding <ReposRootPath> for each?

c) To make sure: will the <author> text override 'svnuser' as far as
what shows up in the logs and in $Author$ keyword substitutions?

d) The blurb about <Comment> being used to map a user's real name: are
they just saying this is a useful place to document who the key is
used for to ease future maintenance of the authorized_keys file?

Thanks in advance. This could really be helpful in my academic
department, where it is impractical to create a new UNIX group for
every semester-long endeavor.

Received on 2008-07-16 17:28:52 CEST
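
An added example, not part of the original post or of the TortoiseSVN how-to: a Python audit of an authorized_keys file of the kind the post describes, flagging entries that lack the forced svnserve command, its -r root, its --tunnel-user or the forwarding/pty restrictions, and listing which repository roots each author can reach. The paths, user names and key blobs are constructed; the option names are the standard OpenSSH and svnserve ones.

```python
import re
import shlex

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
LOCKDOWN = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+)')
OPTS = "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"
# Constructed sample: hypothetical paths and names, placeholder key blobs (one key per entry).
SAMPLE = f'''\
command="svnserve -t -r /srv/svn/design-team --tunnel-user=alice",{OPTS} ssh-rsa AAAA_KEY1 Alice (design)
command="svnserve -t -r /srv/svn/research --tunnel-user=alice",{OPTS} ssh-rsa AAAA_KEY2 Alice (research)
command="svnserve -t --tunnel-user=bob",no-pty ssh-rsa AAAA_KEY3 Bob
ssh-rsa AAAA_KEY4 Carol
'''

def split_entry(line):
    """Return (options dict, comment) for one authorized_keys line."""
    options, pos = {}, 0
    while not line.startswith(KEY_PREFIXES, pos) and (m := OPT.match(line, pos)):
        options[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        pos = m.end()
        if m.group(3) != ",":          # whitespace ends the options field
            break
    fields = line[pos:].split(None, 2)  # key type, key blob, free-text comment
    return options, fields[2] if len(fields) > 2 else ""

def audit(text):
    """Return (problems, access); access maps each author to its repository roots."""
    problems, access = [], {}
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        options, comment = split_entry(line)
        argv = shlex.split(options.get("command", ""))
        if not argv or argv[0].rsplit("/", 1)[-1] != "svnserve" or "-t" not in argv:
            problems.append((n, comment, "no forced 'svnserve -t' command"))
            continue
        root = argv[argv.index("-r") + 1] if "-r" in argv[:-1] else None
        author = next((a.split("=", 1)[1] for a in argv if a.startswith("--tunnel-user=")), None)
        for flag, value in (("-r", root), ("--tunnel-user", author)):
            if value is None:
                problems.append((n, comment, f"forced command lacks {flag}"))
        missing = set() if "restrict" in options else LOCKDOWN - set(options)
        if missing:
            problems.append((n, comment, "missing " + ",".join(sorted(missing))))
        if root and author:
            access.setdefault(author, []).append(root)
    return problems, access

if __name__ == "__main__":
    print(audit(SAMPLE))
```

sshd applies the options of the first authorized_keys entry that matches the offered key, so a user listed under two roots needs a distinct key for each entry.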

This is an archived mail posted to the TortoiseSVN Users mailing list.
