[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AW: revoking ssh access after switching to http

From: Felix Gilcher <gilcher_at_exozet.com>
Date: 2006-06-30 15:27:17 CEST

Bradley Wagner <mailto:bradley.wagner@hannonhill.com> schrieb am Freitag, 30. Juni 2006 15:17:

> Kind of a strange question but here goes. The svn binaries live in /
> usr/local/bin on my machine. I have just set up Apache2 with SVN
> modules and would like to force users to use this. Is there
> anyway to
> disallow ssh access to the repository? Given that the binaries are
> available when a user logs in via SSH I'm not sure there is a way to
> do this, without moving the ssh binaries. Even then, if a user knew
> the location of the binaries, they could make them available
> on their
> path in their .bashrc file and continue committing with ssh. I can't
> revoked SSH access to the machine because developers need it for
> other things.
>
> My main problem with ssh access is that I can't enforce my access
> restrictions to various parts of the repository as with the Apache2
> modules.
>
> I figure someone must have had this problem before.
>
> Thoughts?

Yes. Make Apache the owner of the subversion repository and remove all group/world read/write priviledges. Unless any of your developers happen to log in as "apache" (or whatever the user is called on your system) they may have the svn binaries at their disposal but can't touch your repo.

>
> Bradley

felix

>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org

-- 
Felix Gilcher
Head of IT Development
Exozet Berlin GmbH
Rotherstraße 20
10245 Berlin
eMail: gilcher@exozet.com
URL: www.exozet.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jun 30 15:29:23 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.