[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security question for http

From: Scott Barron <scott_at_elitists.net>
Date: 2004-07-22 18:46:26 CEST

On Thu, Jul 22, 2004 at 09:37:37AM -0700, Seth Falcon wrote:
> On Thu, Jul 22, 2004 at 06:00:22PM +0200, santanu.misra@reuters.com
> wrote:
> > But for http to work I have to do a chmod '666' in the 'db' directory
> > of the repository. I am running apache as 'nobody' and 'nogroup'. We
> > are running other process on the server so I would not like to run
> > apache as any other user(like svn)
>
> > Is it possible to do so ? I could not find any information on the
> > same.
>
> My understanding is that you should run Apache as the user that owns the
> repos. Note that you can run multiple Apache instances if you wish to
> isolate Apache+svn from general web serving Apache...
>
> + seth

Running multiple apache's is precisely what I'm doing to solve this
problem. There is an MPM for apache2 which would allow you to set UID
per vhost but I believe it is in quite a state of disrepair and,
unfortunately, not actively developed. I set my svn apache to listen
only on the local interface, and some other port (like 8080 or what have
you) and then I use mod_proxy to reverse proxy from the web apache so I
don't have to pass around any port numbers to my users. It all works
out really well.

-Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 22 20:10:14 2004

This is an archived mail posted to the Subversion Users mailing list.