[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security features, path based authorization in subversion

From: Ryan Schmidt <subversion-2008c_at_ryandesign.com>
Date: Fri, 22 Aug 2008 03:41:46 -0500

So it sounds like the repository files are writable by any user. I
would recommend changing that so only a single user, "svn", is
allowed to read and write the repository files. Then, start up
svnserve and require all your users to access the repository using
svnserve, even if they're accessing it from the same machine. You can
have any access restrictions you want, and you remove the risk of
users accidentally (or intentionally) damaging the repository.

On Aug 22, 2008, at 03:35, vinay i wrote:

> Hi Vishwajeet
> What you say makes sense. We don't have separate servers to host
> the repository. All users and the repository are on the same
> machine. Now in this case can't we configure to restrict access to
> some paths for a group of users.
> Thanks
> Vinay
> On Fri, Aug 22, 2008 at 1:23 PM, vishwajeet singh
> <dextrous85_at_gmail.com> wrote:
> Does that really make any sense; if user is logged on server he has
> access to all the resources of server.
> you can set authorization file:/// protocol and why would you like
> to that sounds strange to me. Authentication realm implementation
> for client server model only; why would you like to authenticate a
> user who is already logged in server with his user name and password.
> On Fri, Aug 22, 2008 at 1:00 PM, vinay i <vinay.indresh_at_gmail.com>
> wrote:
> Hi
> I tired using svnserve and apache for security features and path
> based authorization. But when a user has access to the server
> (login to the server) all these authorization fails. He can access
> any path within the repository by file:/// access. Does this mean
> these server configurations are useful only when the repository is
> accessed from a client host? Is there no option available which can
> configure path based access within the server where both repository
> resides and the user is logged in.
> Thanks
> Vinay
> --
> Cheers,
> Vishwajeet
> http://www.singhvishwajeet.com

To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-08-22 10:42:20 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.