[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Any other authorization method except svnserve or apache?

From: Ed MacDonald <edmacdonald_at_hotmail.com>
Date: 2004-12-27 20:02:01 CET

The svn+ssh protocol does *not* use svnserve in daemon mode. It just opens
a remote shell and executes a command (its own svnserve process that dies at
the end of the command). As a result the user must have write access to the
repo (at least if BDB is used - I don't know about the new FSFS).

"SVN over SSH" is different. You separately establish an SSH tunnel to the
host (or network) and tunnel the svn:// protocol through it. From then it
is just like you are using the svn:// protocol. The advantage is that the
user doesn't need *any* permissions on the server (other than the ability to
connect). In this instance the svnserve is running in daemon mode and will
restrict access to the repo based on the settings in the svnserve.conf and
password-db if any.

Ed

----- Original Message -----
From: "Kevin Williams" <kevin@bantamtech.com>
Cc: <users@subversion.tigris.org>
Sent: Monday, December 27, 2004 11:32 AM
Subject: Re: Any other authorization method except svnserve or apache?

> Yes, you're right. Sorry. I haven't used svn+ssh:// in a while. :-/
>
>
> Jack O'Quin wrote:
> >>Ulrich Eckhardt wrote:
> >>
> >>>A third (and last) option is using SVN over SSH, using the system's
> >>>users to authenticate. However, this method is even more simple than
> >>>svnserve, as it doesn't even allow read-only access.
> >
> >
> > Kevin Williams <kevin@bantamtech.com> writes:
> >
> >
> >>I don't believe that's true. The repository is under the same
> >>permissions rules as any other file on the system. If the repository
> >>permissions are -rwxr-x--- and the user is in the "svn" group, the
> >>user would have read-only permission. If the user is not in the group
> >>they would have no permissions.
> >
> >
> > I understood the docs to say that even read-only access to the
> > repository requires that the server have R/W access to all its files.
> >
> > http://svnbook.red-bean.com/en/1.0/ch06s05.html
> >
> > But, even if the svnserve daemon has R/W access all the time, can't it
> > still grant individual users R/O access via its built-in authorization
> > mechanism?
>
> ----------
> Scanned for viruses by ClamAV
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Dec 27 20:08:12 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.