webdav configuration setup

Hi, I'm setting up my subversion server to use WebDAV, and I'm just
wondering what people thought of it? Did I missing anything (security
wise)?

All the repositories are in '/srv/svn'.

I created a user svn and group svn, with the svn user's home='srv/svn'
and shell='/bin/false'

I have the following in httpd.conf:
====================================================
<Location /svn>
        DAV svn
        SVNParentPath /srv/svn
        SVNIndexXSLT "/svnindex.xsl"
        
        # user authentication
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /srv/svn/conf/svn_users
        
        # allow anonymous read access
        Satisfy Any
        Require valid-user
        
        # access control policy
        AuthzSVNAccessFile /srv/svn/conf/svn_policy
</Location>
===================================================

and svn_policy:
===================================================
[groups]
pbAnalyzer-dev = svn

[pbAnalyzer:/svn/pbAnalyzer]
@pbAnalyzer-dev = rw

[/]
* = r
===================================================

I've set the permission's on /srv/svn to 'drwsrws', with user and group
owner set to svn.

Now, I just have to make apache process switch use to the svn user when
accessing the repository. But its already using the its own apache user,
group, so is it possible for it to switch to the svn user? Or should I
make group owner of '/srv/svn' apache?

This setup should allow anonymous reads, but require authentication for
commits using user in svn_users.

Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Apr 8 19:20:39 2004