[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security features, path based authorization in subversion

From: vinay i <vinay.indresh_at_gmail.com>
Date: Mon, 25 Aug 2008 15:25:49 +0530

Thanks David.
But my concern is when I use svnserve as a user and set permissions on the
repository, to authenticate other users I will have to store users and
corresponding passwords. This is a security concern. Can't we have a method
where we don't have to store passwords?


On Fri, Aug 22, 2008 at 9:17 PM, David Weintraub <qazwart_at_gmail.com> wrote:

> n Fri, Aug 22, 2008 at 3:30 AM, vinay i <vinay.indresh_at_gmail.com> wrote:
> > Hi
> > I tired using svnserve and apache for security features and path based
> > authorization. But when a user has access to the server (login to the
> > server) all these authorization fails. He can access any path within the
> > repository by file:/// access.
> Create a NEW user called "svnserve". Create a new group for this user
> and call it "svnserve" too. Then, change all the files in the
> repository to be owned by this user and this user's group with a
> permission of "rw-r--r--" or even better "rw-r-----". Set this
> svnserve's umask to "066". Then run your Subversion server as this
> user. This way, developers can't read and write to the repository
> using the "file:///" access.
> The only reason you should be using "file:///" access is if you have a
> private repository, and you don't want to run the server. As soon as
> more than one person needs access the repository, you should setup a
> special subversion server user and give that user exclusive read and
> write access on the repository.
> --
> David Weintraub
> qazwart_at_gmail.com
Received on 2008-08-25 11:56:09 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.