Many IT people today have greatness thrust upon them, and I have just
implemented a Collabnet SVN Server quick, fast and in a hurry with a
modicum of IT knowledge. I count myself fortunate to have found CSS, as it
allowed me to quickly set up a the server meeting security guidelines with a
minimum of developer disruption.
My task would have been easier if:
- The SVN guide showed me how to implement global SVN+Apache server
security, not just SVN repository security.
- The SVN guide warned TortoiseSVN+mod_authz_svn users to grant
read all users read access to the SVN repository root. It seems that at
least one TSVN feature (the revision graph) requires access to the SVN
verbose log, and if the user does not have read access to the root, they
cannot read the log and the revision graph fails (even if they have read
access for the file they are graphing). The only way around this problem
seems to be to grant all users read access in the root, and to restrict
access as necessary in immediate subdirectories of the root. This compromise
restores TSVN revision graphing at the cost of unprotecting files in the SVN
root. Unless and until this issue is addressed, users need to know how to
configure the SVN access file to work around it. I can provide some
- The SVN guide contained some information about obtaining a
compatible mod_auth_sspi module and configuring Win32 domain authentication,
including an access file example. Maybe (dare I hope) mod_auth_sspi.o could
even ship with SVN or CSS (Microphobia notwithstanding, a lot of us have no
choice but to work with Windows).
If the SVN guide does include this information, don't kill me too hard.
Received on Wed Sep 19 17:19:14 2007