[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: apache user invoking svn

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-07-27 16:55:59 CEST

Bradley Wagner wrote:
> I'm sure this is a FAQ, but I couldn't find this question either in
> the SVN FAQ. Basically, which user is invoking the commands on the
> repository when you access it via Apache? My repository is owned by
> root and writable by my developer's group. The http user is
> definitely not in the developer's group, so I'm trying to figure out
> how it's able to write to the repository directory.

The owner of the httpd daemon, typically "httpd" or "apache" or "www"
depending on your particular setup. It might be a really useful technique to
use a virtual server for SVN and use "AssignUserID svnserve", to keep
ownership consistent for any svnserve access.

> Ultimately, what I'm trying to do is disallow individual users from
> running svnserve via svn+ssh:// in favor of going through http://. I
> think I could accomplish this by changing the ownership of the
> repository directory to be writable by root only assuming that apache
> was invoking these commands as the root user.

You'll break anything that's already checked out from being checked back in,
until they do a "switch" command. But yes, you should be able to yank write
permissions for the svnserve user in svnserve.conf.

> Otherwise, I'll probably have to maange a different authz-db file for
> the svnserve.conf that disallows access for everyone in addition to
> the one I actually use for apache.

Well, yes. But I dislike the syntax and limited read/write/none access of
the svnserve.conf. Take a good look at svnperms.conf and svnperms.py,
seriously, and a matching pre-commit script. It works very well for
providing excellent resolution over read, add, update, and delete
capabilities as discrete settings.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 27 16:57:18 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.