Re: chrooted server?

From: Chris Jensen <cjensen_at_edex.com.au>
Date: 2005-03-01 22:48:39 CET

Hi Dirk,
I've not much experience with chrooting things, so I can't say much
about here about how to do it, but here's some other things to think about.
> I searched around but did not find any clear advice. Can it be done?
> Should I better user Apache 2, perhaps also because svnserve cannot
> deal with IPv6 adresses?

It depends what why you want to chroot. If you simply don't want to give
svn users general access to everything via ssh, then apache or chroot
are both fine ways to do that. (You may also want to check out
"restricted shell" or rssh which can limit the commands users make over ssh)

If you're worried about problems with buffer overflows or the like being
used to gain access to the system via the service, then you still run
that risk with Apache and if the svn server is holding other sensitive
data that you don't want svn users to get at, then you should be
chrooting Apache2 too.

Chris

-- 
---------------------------------------------------------------------
Chris Jensen cjensen@edex.com.au
Educational Experience (Australia)
Postal Address: PO Box 860, Newcastle NSW 2300
Freecall:       1-800-025 270      International: +61-2-4923 8222
Fax:            (02) 4942 1991     International: +61-2-4942 1991
Visit our online Toy store! http://www.toysandmore.com.au/
---------------------------------------------------------------------

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Tue Mar 1 22:51:14 2005

This message: [ Message body ]
Next message: Reinhard Brandstädter: "Subversion+Apache+Winbind"
Previous message: Ben Collins-Sussman: "Re: Query subversion for all files that have a certain property"
Next in thread: Dirk Schenkewitz: "Re: chrooted server?"
Reply: Dirk Schenkewitz: "Re: chrooted server?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]