[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: questions before switching from cvs to svn

From: John Peacock <jpeacock_at_rowman.com>
Date: 2004-05-19 20:46:07 CEST

Peter Münster wrote:

> Yes, there are apache and svnserve, but we would like to use our well
> working ssh authentication. After reading a bit the 5th chapter, I've
> finally found a method, that could fit our needs:
> suid svn for files /usr/bin/svn and /usr/bin/svnserve and permissions 700
> for the repository and owner svn. So only these two executables can access
> the repository. Then, all subdirectories with permissions 770, files 660
> with owner root and group svnusers.
> With some custom commit-hook-script, we'll forbid write access in function
> of author and directory, so we'll get the same as now with cvs: all people
> in one group have ro access, rw only for special users.

I'm a little confused by what you are describing but I can pretty much guarantee
that it won't work like you think. Even nominally readonly operations require
write access to the database directory (for creating temporary tables), so you
have to overlay specific filesystem access with the built-in security model.

You can use svnserve in such a way that the only user with rights to the
repository is the one running svnserve. Then the users can connect to the
svnserve process over an SSH tunnel. You still need to use the
conf/svnserve.conf file to establish R/O or R/W access for the users.

HTH

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed May 19 20:48:32 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.