Re: questions before switching from cvs to svn

Peter Münster wrote:

> Yes, there are apache and svnserve, but we would like to use our well
> working ssh authentication. After reading a bit the 5th chapter, I've
> finally found a method, that could fit our needs:
> suid svn for files /usr/bin/svn and /usr/bin/svnserve and permissions 700
> for the repository and owner svn. So only these two executables can access
> the repository. Then, all subdirectories with permissions 770, files 660
> with owner root and group svnusers.
> With some custom commit-hook-script, we'll forbid write access in function
> of author and directory, so we'll get the same as now with cvs: all people
> in one group have ro access, rw only for special users.

I'm a little confused by what you are describing but I can pretty much guarantee
that it won't work like you think. Even nominally readonly operations require
write access to the database directory (for creating temporary tables), so you
have to overlay specific filesystem access with the built-in security model.

You can use svnserve in such a way that the only user with rights to the
repository is the one running svnserve. Then the users can connect to the
svnserve process over an SSH tunnel. You still need to use the
conf/svnserve.conf file to establish R/O or R/W access for the users.

HTH

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org