[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: chrooted server?

From: Chris Jensen <cjensen_at_edex.com.au>
Date: 2005-03-01 22:48:39 CET

Hi Dirk,
I've not much experience with chrooting things, so I can't say much
about here about how to do it, but here's some other things to think about.
> I searched around but did not find any clear advice. Can it be done?
> Should I better user Apache 2, perhaps also because svnserve cannot
> deal with IPv6 adresses?

It depends what why you want to chroot. If you simply don't want to give
svn users general access to everything via ssh, then apache or chroot
are both fine ways to do that. (You may also want to check out
"restricted shell" or rssh which can limit the commands users make over ssh)

If you're worried about problems with buffer overflows or the like being
used to gain access to the system via the service, then you still run
that risk with Apache and if the svn server is holding other sensitive
data that you don't want svn users to get at, then you should be
chrooting Apache2 too.

Chris

-- 
---------------------------------------------------------------------
Chris Jensen cjensen@edex.com.au
Educational Experience (Australia)
Postal Address: PO Box 860, Newcastle NSW 2300
Freecall:       1-800-025 270      International: +61-2-4923 8222
Fax:            (02) 4942 1991     International: +61-2-4942 1991
Visit our online Toy store! http://www.toysandmore.com.au/
---------------------------------------------------------------------

Received on Tue Mar 1 22:51:14 2005

This is an archived mail posted to the Subversion Users mailing list.