AW: revoking ssh access after switching to http

Bradley Wagner <mailto:bradley.wagner@hannonhill.com> schrieb am Freitag, 30. Juni 2006 15:17:

> Kind of a strange question but here goes. The svn binaries live in /
> usr/local/bin on my machine. I have just set up Apache2 with SVN
> modules and would like to force users to use this. Is there
> anyway to
> disallow ssh access to the repository? Given that the binaries are
> available when a user logs in via SSH I'm not sure there is a way to
> do this, without moving the ssh binaries. Even then, if a user knew
> the location of the binaries, they could make them available
> on their
> path in their .bashrc file and continue committing with ssh. I can't
> revoked SSH access to the machine because developers need it for
> other things.
>
> My main problem with ssh access is that I can't enforce my access
> restrictions to various parts of the repository as with the Apache2
> modules.
>
> I figure someone must have had this problem before.
>
> Thoughts?

Yes. Make Apache the owner of the subversion repository and remove all group/world read/write priviledges. Unless any of your developers happen to log in as "apache" (or whatever the user is called on your system) they may have the svn binaries at their disposal but can't touch your repo.

>
> Bradley

felix

>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org

-- 
Felix Gilcher
Head of IT Development
Exozet Berlin GmbH
Rotherstraße 20
10245 Berlin
eMail: gilcher@exozet.com
URL: www.exozet.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org