[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: apache user invoking svn

From: Toby Johnson <toby_at_etjohnson.us>
Date: 2006-07-27 19:33:54 CEST

Nico Kadel-Garcia wrote:
> Toby Johnson wrote:
>> Bradley Wagner wrote:
>>>
>>>> svnserve.conf has no affect on Apache, are you running svnserve as
>>>> well? If your goal is to ensure all access is via http only, all you
>>>> need to do is make the repo directory owned by the Apache user, with
>>>> +rwX permissions, and no permissions for group or others.
>>>
>>> yes, that is exactly my goal. I was wondering if there was any more
>>> elegant way in svn to disable access via svn+ssh:// other than
>>> changing the directory ownership to be only the user running apache.
>>> I think managing a separate authz_db file for svnserve.conf that just
>>> disables all access would probably be easiest. Though, will that
>>> affect apache's ability to invoke svn? I guess I'm a little unclear
>>> about the different mechanisms for invoking SVN.
>>>
>>> Bradley
>> How is setting filesystem permissions inelegant? That's exactly what
>> filesystem permissions are for. The problem is that the svn repo is
>> just a bunch of files. If someone has access to those files, they
>> could either access them directly using file://, or they could set up
>> their own svnserve process or their own Apache process or whatever
>> they want to to bypass whatever you might set in some configuration
>> file.
>> So the answer is no, there is no way to prevent svn+ssh access
>> through a config file, because there is no way to force clients to
>> even use your config file. If you want to prevent all access except
>> via Apache, then using filesystem permissions is the only way to
>> accomplish that.
>
> There's the pre-commit script and svnperms.conf and svnperms.py, which
> works just fine.

That's still just a ruse. If someone really wanted to they could bypass
the pre-commit scripts, or overwrite them. My point is that unless you
restrict filesystem permissions to just the users that have any business
writing to those files directly, there's really no way to secure it.

If you only want Apache reading/writing those files then only Apache
should have filesystem permissions to do so, period. Unless I'm
misunderstanding the problem, that is the issue he is trying to solve.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 27 19:34:18 2006

This is an archived mail posted to the Subversion Users mailing list.