[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Questions Re. Appendix G. Securing Svnserve using SSH

From: Jeff <jsbmsu_at_gmail.com>
Date: Wed, 16 Jul 2008 10:22:42 -0700 (PDT)

I'm still a bit clumsy with quoting/responding, so please bear with

> I think you are confusing authentication, which is what the SSH key is
> doing, with authorization - which repositories you are allowed to
> access. AFAIK authz is still controlled by the svnserve.conf file in
> the repository, which is where you can add users and groups.

Yes, I think I may be getting ahead of myself here. See below.

> Do you really need to use SSH? If you are not concerned with data
> encryption on the wire, then plain svnserve will do what you want. If
> you do need encryption and you have subversion 1.5 you can use SASL
> which may be easier.

Encryption would be preferred, and we do not have Subversion 1.5 yet
(and may not for some time). Everyone in the department already has
personal SSH accounts. The problem is that every last project (senior
design team, each group doing a class project) needs to have
authorization limited to just a few persons. Creating a UNIX group
for each team is not a desirable approach. What I don't know much
about is this svnserve.conf file. I guess I glossed over it before
while reading the Subversion book, because I wasn't using svnserve as
a running server. Does "svnserve -t" still check the svnserve.conf
and userfile for authentication purposes? I thought it relied solely
on the SSH-authenticated user having direct permissions to the
repository folder & files. But if I'm wrong, and svnserve -t can
check those files for auth purposes....

If we used the single-user, multiple-key setup described, but with
everyone pointed to the same <ReposRootPath>, I guess you're saying we
could then, for each repository, use the svnserve.conf + userfile
under the repository's conf/ directory to control authorization. But
the userfile asks for a password. Can we leave that out and do
something like:


And so, if we're using the command="..." scheme, and harry
authenticates with the key that uses "--tunnel-user=harry" then he
would get access to any repository whose userfile has harry listed
under [users]?

But wait, I'm getting confused... You can login is SSH user 'john',
but pass a --tunnel-user argument of 'jane'. Furthermore, access is/
may be/? controlled either (or by a combination of?) file permissions
to the repository files, and by whether the user (authenticated or --
tunnel-user) is listed in the userfile for the repository.

I'm getting a little confused, but I feel close. Clear as mud yet?

To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-07-16 19:23:29 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.