[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security features, path based authorization in subversion

From: David Weintraub <qazwart_at_gmail.com>
Date: Fri, 22 Aug 2008 11:47:42 -0400

n Fri, Aug 22, 2008 at 3:30 AM, vinay i <vinay.indresh_at_gmail.com> wrote:
> Hi
> I tired using svnserve and apache for security features and path based
> authorization. But when a user has access to the server (login to the
> server) all these authorization fails. He can access any path within the
> repository by file:/// access.

Create a NEW user called "svnserve". Create a new group for this user
and call it "svnserve" too. Then, change all the files in the
repository to be owned by this user and this user's group with a
permission of "rw-r--r--" or even better "rw-r-----". Set this
svnserve's umask to "066". Then run your Subversion server as this
user. This way, developers can't read and write to the repository
using the "file:///" access.

The only reason you should be using "file:///" access is if you have a
private repository, and you don't want to run the server. As soon as
more than one person needs access the repository, you should setup a
special subversion server user and give that user exclusive read and
write access on the repository.

David Weintraub
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-08-22 17:48:06 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.