On Wed, 25 Aug 2004 18:34:34 -0400, Jeff Squyres
<jsquyres@lam-mpi.org> wrote:
>We have a case where multiple developers sharing a single checkout is a
>good thing -- the live docroot on a web site. We all develop in our
>own, separate checkouts, but when we hit a stable point (which is
>actually quite frequently), someone has to go do an "svn up" in the
>live docroot. This is also, obviously, an SVN checkout.
>
>Because of our workflow and the nature of our changes to the web site
>(little changes in unrelated files -- it's a large web site and little
>pieces of information change all the time), it really makes sense to
>allow anyone in the group to be able to do an "svn up". The other
>obvious alternative is to have only one person be able to do the "svn
>up" in the live docroot -- which is the way it has to be now -- but
>this has led to major bottlenecks.
I've got a similar situation (but with only one other user needing
access), but the way I've done it is to have a shell script on the
server that does the "svn up". Since nobody but me should have access
to the server, I've put in a passwordless SSH login that is restricted
to executing that one command, i.e. .ssh/authorized_keys2 contains
command="./update_devel.sh" ssh-rsa ...
where the ... part is the public key from the other user. The other
user just needs to try to ssh to this machine and the update is done.
I've been assuming this is a secure way to handle this problem, but am
I fooling myself? If someone got hold of their private key, would
there be a way to get shell access to the web server?
Duncan Murdoch
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Aug 30 16:49:32 2004