[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: apache user invoking svn

From: Toby Johnson <toby_at_etjohnson.us>
Date: 2006-07-27 16:57:29 CEST

Bradley Wagner wrote:
> I'm sure this is a FAQ, but I couldn't find this question either in
> the SVN FAQ. Basically, which user is invoking the commands on the
> repository when you access it via Apache? My repository is owned by
> root and writable by my developer's group. The http user is definitely
> not in the developer's group, so I'm trying to figure out how it's
> able to write to the repository directory.

There must be a problem with your permissions then, because whatever
user Apache runs as is the one used to access your local repo files.

> Ultimately, what I'm trying to do is disallow individual users from
> running svnserve via svn+ssh:// in favor of going through http://. I
> think I could accomplish this by changing the ownership of the
> repository directory to be writable by root only assuming that apache
> was invoking these commands as the root user.

You can certainly take write permissions away from the dev group (and
probably should) but the apache user still needs read/write permissions
(and execute permissions on directories).

> Otherwise, I'll probably have to maange a different authz-db file for
> the svnserve.conf that disallows access for everyone in addition to
> the one I actually use for apache.

svnserve.conf has no affect on Apache, are you running svnserve as well?
If your goal is to ensure all access is via http only, all you need to
do is make the repo directory owned by the Apache user, with +rwX
permissions, and no permissions for group or others.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 27 16:59:35 2006

This is an archived mail posted to the Subversion Users mailing list.