
SVN configuration over ssh with per-dir access and single unix account

From: Vincent RICHOMME <richom.v_at_free.fr>
Date: 2007-12-09 19:45:27 CET

Hi

I am trying to configure svn without much success.
I would like to offer anonymous access to my repositories and protect
commits by ssh authentication.
I also would like to offer per-directory access so that a known user of
a project cannot access another project.
I read all the articles I found on the subject but it doesn't seem to work.

First I have a system user svn (svn:x:109:116::/home/svn:/bin/bash) with
a group svn.
My repository is located at /var/svn/repository with the following
permissions :

// SVN SYSTEM ACCOUNT WITH a UMASK 0022 AND A PASSWORD
drwxr-xr-x 18 root root 4096 2007-12-02 23:29 var
    drwxr-xr-x 3 root root 4096 2007-10-25 18:33 svn
         +drwxr-xr-x 7 root svn 4096 2007-10-25 18:33 repository
           ->drwxr-sr-x 5 root svn 4096 2007-10-25 19:13 db
           ->...

First question :
when I created the account I read a tutorial where they explain to
create the account like this:
adduser svn --ingroup svn --shell=/bin/bash --system

I have also added in .bashrc
umask 002
but it seems that .bashrc is not loaded automatically.
Does it come from the fact I should not have created the account as a
system account ?

// SSH for SVN account
Since I am using a single unix account and I want ssh for commits I have
added a public/private key in /home/svn/.ssh/authorized_keys:
drwxr-xr-x 2 svn svn 4096 2007-12-09 18:48 .ssh
    -rw------- 1 svn svn 682 2007-12-09 18:48 authorized_keys
       
    command="/usr/bin/svnserve -t --tunnel-user=testme -r /var/svn/repository" ssh-dss AAAAB3N...== svn@mydomain.fr

//SVN CONFIG
I have configured the conf file like this :

[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are "write", "read",
### and "none". The sample settings below are the defaults.
anon-access = read
auth-access = write

### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the conf directory.
### Uncomment the line below to use the default password file.
# password-db = passwd

### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the conf
### directory. If you don't specify an authz-db, no path-based access
### control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz

### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
# realm = My First Repository

//AUTHZ CONFIG
[groups]
admin = testme

# Users in admin group have ALL access
[/]
@admin = rw

Second question : does the testme user have to be a real user account or is
it just a svn account ?

Finally when I test this configuration with TortoiseSVN (first I
converted my private key to Putty format .PPK and I
declared a connection to my server), it doesn't work when committing.
svn+ssh://svn@svn_mydomain_fr/myproject/trunk/test.h

I get the following error :
Can't create directory '/var/svn/repository/db/transactions/4-1.txn':
Permission denied

So my last question : WHAT AM I DOING WRONG ?

 

Received on Sun Dec 9 19:45:50 2007
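
An added check, not part of the original message: a shell function that lists entries under a repository's db directory that the shared group does not own or cannot write, which is the condition to rule out when a commit over a single shared account fails to create a transaction directory. The function name audit_repo_db and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_repo_db REPO GROUP
#   REPO  : repository root, e.g. /var/svn/repository
#   GROUP : shared group name or numeric gid, e.g. svn
# Prints one "LABEL path" line per finding and nothing when the tree is
# consistent. Returns 2 if REPO/db does not exist.
audit_repo_db() {
    repo=$1
    group=$2

    if [ ! -d "$repo/db" ]; then
        echo "NO-DB $repo/db"
        return 2
    fi

    # Entries that do not belong to the shared group: group permission
    # bits on them say nothing about what the shared account may do.
    find "$repo/db" ! -group "$group" -print | sed 's/^/WRONG-GROUP /'

    # Directories and files without the group write bit (020). A commit
    # has to create db/transactions/<id>.txn, so a directory that is
    # r-x for the group produces "Permission denied" for any committer
    # who is a group member but not the owner.
    find "$repo/db" \( -type d -o -type f \) ! -perm -020 -print \
        | sed 's/^/NO-GROUP-WRITE /'
}
```

Run it as root or as the repository owner, for example `audit_repo_db /var/svn/repository svn`, so that find can descend into every directory.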

This is an archived mail posted to the Subversion Users mailing list.
