[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn+ssh - limiting access to repository data?

From: Thomas Harold <tgh_at_tgharold.com>
Date: 2006-12-16 03:12:36 CET

I want to setup a repository where group A users have read/write access
to the repository, but group B users have only read access, and anyone
not in either group can't access it at all. (The server is running
Linux and we're using svn+ssh to access.)

The first criteria (group A gets r/w) is pretty easy. I "chgrp" the
repository folders to belong to a dedicated group in /etc/group then add
the users to that group. I make sure that the permissions on the
repository folders are set to "g+w" and set the sticky bit on the
repos/db folder.

Where I'm stuck is how to accomplish the 2nd (group B only gets read)
and 3rd criteria (no unauthorized access).

According to what I've read, when using HTTP, FILE, or SVN+SSH methods
to access the repository, the conf/svnserve.conf file isn't used. So
SVN+SSH users either have all or none access to the repository and you
have to resort to hook scripts?

...

What I may do for some of the instances (where only a single user needs
read/write access) is to give the user write permissions to the folders
and only grant read permissions to the group (and no permissions for
"other/world").

Which gives me an idea. (Chapter 6 in the SVN Book at red-bean.com.) I
can setup a central user account for a repository, have the users
authenticate using public key pairs and then set the --tunnel-user=harry
option in the authorized_keys file.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Dec 16 03:13:24 2006

This is an archived mail posted to the Subversion Users mailing list.