[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security question for http

From: <santanu.misra_at_reuters.com>
Date: 2004-07-23 16:09:50 CEST

Thanks Scott. I hope I did it correct. One suggestion or rather a small comment

I would like to write a small how to on the setup from apache , berkeleyDB and subversion now

The how to on Linux Joural is great but would like to add small notes like doing a lddconfig or having trouble with two instance of zlib one in /usr/local/lib and /usr/lib and how to over come them.

Any input will be great.

Wish you all a great week end ;)
-Santanu

                                                                                                                                       
                      Scott Barron
                      <scott@elitists.n To: users@subversion.tigris.org
                      et> cc:
                                               Subject: Re: Security question for http
                      22/07/2004 18:46
                                               Header: Internal Use Only
                                                                                                                                       
                                                                                                                                       
                                                                                                                                       

On Thu, Jul 22, 2004 at 09:37:37AM -0700, Seth Falcon wrote:
> On Thu, Jul 22, 2004 at 06:00:22PM +0200, santanu.misra@reuters.com
> wrote:
> > But for http to work I have to do a chmod '666' in the 'db' directory
> > of the repository. I am running apache as 'nobody' and 'nogroup'. We
> > are running other process on the server so I would not like to run
> > apache as any other user(like svn)
>
> > Is it possible to do so ? I could not find any information on the
> > same.
>
> My understanding is that you should run Apache as the user that owns the
> repos. Note that you can run multiple Apache instances if you wish to
> isolate Apache+svn from general web serving Apache...
>
> + seth

Running multiple apache's is precisely what I'm doing to solve this
problem. There is an MPM for apache2 which would allow you to set UID
per vhost but I believe it is in quite a state of disrepair and,
unfortunately, not actively developed. I set my svn apache to listen
only on the local interface, and some other port (like 8080 or what have
you) and then I use mod_proxy to reverse proxy from the web apache so I
don't have to pass around any port numbers to my users. It all works
out really well.

-Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit http://www.reuters.com/messaging

Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Reuters Ltd.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jul 23 16:26:02 2004

This is an archived mail posted to the Subversion Users mailing list.