On Wed, 19 May 2004, John Peacock wrote:
> Peter Münster wrote:
>
> > Yes, there are apache and svnserve, but we would like to use our well
> > working ssh authentication. After reading a bit the 5th chapter, I've
> > finally found a method, that could fit our needs:
> > suid svn for files /usr/bin/svn and /usr/bin/svnserve and permissions 700
> > for the repository and owner svn. So only these two executables can access
> > the repository. Then, all subdirectories with permissions 770, files 660
> > with owner root and group svnusers.
> > With some custom commit-hook-script, we'll forbid write access in function
> > of author and directory, so we'll get the same as now with cvs: all people
> > in one group have ro access, rw only for special users.
>
> I'm a little confused by what you are describing but I can pretty much guarantee
> that it won't work like you think. Even nominally readonly operations require
> write access to the database directory (for creating temporary tables), so you
> have to overlay specific filesystem access with the built-in security model.

Yes, that's why the permissions are 770 and 660 (group svnusers has write
access).

> You can use svnserve in such a way that the only user with rights to the
> repository is the one running svnserve. Then the users can connect to the
> svnserve process over an SSH tunnel. You still need to use the
> conf/svnserve.conf file to establish R/O or R/W access for the users.

Yes, but the possibilities in conf/svnserve.conf seem a little bit limited
to me, only anon-access and auth-access. And creating special passwords in
a "password-db" is not so good, since the users already have passwords for
their Unix accounts.

Cheers, Peter
--
http://pmrb.free.fr/contact/
Received on Thu May 20 07:13:30 2004
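
The commit-hook idea discussed in this message (refusing writes depending on author and directory), sketched as an added example that is not part of the original post or of Subversion itself. The ACL table, account names and paths are constructed for illustration; the hook relies only on `svnlook author` and `svnlook changed`, and denies any path no rule covers.

```python
#!/usr/bin/env python3
"""pre-commit hook sketch: allow a commit only if its author may write every changed path."""
import subprocess
import sys

# Hypothetical policy (constructed): path prefix -> Unix accounts with write access.
# A path matched by no prefix is denied (default deny).
WRITE_ACL = {
    "trunk/doc": {"alice", "bob"},
    "trunk/src": {"alice"},
    "branches": {"alice", "bob", "carol"},
}

def changed_paths(svnlook_changed_output):
    """Parse `svnlook changed` output: status flags in columns 0-3, path from column 4."""
    return [line[4:].rstrip("/")
            for line in svnlook_changed_output.splitlines() if len(line) > 4]

def may_write(author, path, acl=WRITE_ACL):
    """True if author is listed for a prefix that matches path on a directory boundary."""
    for prefix, users in acl.items():
        # Compare whole components so "trunk/doc" does not also cover "trunk/docs-private".
        if (path == prefix or path.startswith(prefix + "/")) and author in users:
            return True
    return False

def denied_paths(author, svnlook_changed_output, acl=WRITE_ACL):
    """Changed paths in the transaction that the author is not allowed to write."""
    return [p for p in changed_paths(svnlook_changed_output)
            if not may_write(author, p, acl)]

def svnlook(subcommand, repos, txn):
    """Run svnlook against the pending transaction and return its stdout."""
    return subprocess.run(["svnlook", subcommand, "-t", txn, repos],
                          check=True, capture_output=True, text=True).stdout

def main(argv):
    repos, txn = argv[1], argv[2]  # Subversion passes REPOS-PATH and TXN-NAME
    author = svnlook("author", repos, txn).strip()
    denied = denied_paths(author, svnlook("changed", repos, txn))
    if denied:
        sys.stderr.write("%s may not write to: %s\n" % (author, ", ".join(denied)))
        return 1  # a non-zero exit status aborts the commit
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Installed as hooks/pre-commit, the script must not be writable by the accounts it restricts, since the check is only as strong as the filesystem permissions on the hooks directory.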