On Thu, May 15, 2008 at 6:56 AM, Sachidanand Shukla <shukla.68_at_gmail.com> wrote:
>
> I am a clearcase administrator with NCR Corp. and am currently persuing
> migration of Clearcase code to SVN.
> I am using svn+ssh to access repositories on Windows clients and server is
> on Solaris box.
> my problem is that i create a login for user on solaris box and ask him to
> access repository from Windows client, but as user has access to solaris box
> also (as his login is created there and repositories also reside there) he
> can temper with repositries because he belongs to the group to which
> repository belongs.
> i tried a lot but could not succeed in protecting it.
> I have configured svnserv (text file) to mask the repository path amnd URL
> does not disclose full path, but even then....
> i tried
> 1. Restricted shell
> 2. chroot is not possible as server is being used by other teams also
> 3. changed .profile etc etc.
> but all in vain.
This is actually documented in the manual. From
http://svnbook.red-bean.com/en/1.4/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshauth
"When running over a tunnel, authorization is primarily controlled by
operating system permissions to the repository's database files; it's
very much the same as if Harry were accessing the repository directly
via a file:// URL. If multiple system users are going to be accessing
the repository directly, you may want to place them into a common
group, and you'll need to be careful about umasks."
Not a solution, just pointing out that it is documented that this is
how things are intended to be.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-05-15 15:15:49 CEST