[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: apache user invoking svn

From: Bradley Wagner <bradley.wagner_at_hannonhill.com>
Date: 2006-07-27 19:48:47 CEST

On Jul 27, 2006, at 1:33 PM, Toby Johnson wrote:

> Nico Kadel-Garcia wrote:
>> Toby Johnson wrote:
>>> Bradley Wagner wrote:
>>>>
>>>>> svnserve.conf has no affect on Apache, are you running svnserve as
>>>>> well? If your goal is to ensure all access is via http only,
>>>>> all you
>>>>> need to do is make the repo directory owned by the Apache user,
>>>>> with
>>>>> +rwX permissions, and no permissions for group or others.
>>>>
>>>> yes, that is exactly my goal. I was wondering if there was any more
>>>> elegant way in svn to disable access via svn+ssh:// other than
>>>> changing the directory ownership to be only the user running
>>>> apache.
>>>> I think managing a separate authz_db file for svnserve.conf that
>>>> just
>>>> disables all access would probably be easiest. Though, will that
>>>> affect apache's ability to invoke svn? I guess I'm a little unclear
>>>> about the different mechanisms for invoking SVN.
>>>>
>>>> Bradley
>>> How is setting filesystem permissions inelegant? That's exactly what
>>> filesystem permissions are for. The problem is that the svn repo is
>>> just a bunch of files. If someone has access to those files, they
>>> could either access them directly using file://, or they could
>>> set up
>>> their own svnserve process or their own Apache process or whatever
>>> they want to to bypass whatever you might set in some configuration
>>> file.
>>> So the answer is no, there is no way to prevent svn+ssh access
>>> through a config file, because there is no way to force clients to
>>> even use your config file. If you want to prevent all access except
>>> via Apache, then using filesystem permissions is the only way to
>>> accomplish that.
>>
>> There's the pre-commit script and svnperms.conf and svnperms.py,
>> which works just fine.
>
> That's still just a ruse. If someone really wanted to they could
> bypass the pre-commit scripts, or overwrite them. My point is that
> unless you restrict filesystem permissions to just the users that
> have any business writing to those files directly, there's really
> no way to secure it.
>
> If you only want Apache reading/writing those files then only
> Apache should have filesystem permissions to do so, period. Unless
> I'm misunderstanding the problem, that is the issue he is trying to
> solve.

No, you're understanding it correctly and I think you're absolutely
right. Because a user logged on locally could still access the
repository using the file:// bypassing svnserve and the associated
svnserve.conf file all together. It makes sense that if I want to
only allow apache access that the user running the apache process be
the only ones with access to the file.

Thanks for taking the time to explain it.

Bradley

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 27 19:50:24 2006

This is an archived mail posted to the Subversion Users mailing list.