On Sun, Nov 2, 2008 at 9:39 PM, Ryan Schmidt
<subversion-2008c_at_ryandesign.com> wrote:
<snip>
>>> Since the FAQ is non-specific, I'll clarify: you can host an FSFS
>>> repository
>>> on NFS (if your NFS server is set up right) in that you can access the
>>> repository that way from a single computer that will then run apache or
>>> svnserve to serve the repository to others over http or svn protocols.
>>> The
>>> FAQ is not implying that multiple users should try to access an
>>> NFS-hosted
>>> repository directly over the file protocol.
>>
>> Thanks for clearing that up. I'm still don't understand why we're any
>> safer with
>> svn+ssh. The svn book recommends "to place every potential repository
>> user
>> into a new svn group, and make the repository wholly owned by that group".
>> If all users can ssh into the svn+ssh host and are all in the group svn,
>> can't
>> they do any of the evil things that you mentioned they could do with the
>> file protocol? It doesn't seem like once they've logged into the svn+ssh
>> host there is anything to prevent them from using to file protocol.
>
> That is true, unless you restrict them to only accessing the repository (and
> denying them shell access) as shown here:
>
> http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks.fixedcmd
>
Interesting. Thanks for that link. Do you happen to know if that
can be safely combined with the ControlMaster trick? It seems
like if you restrict ssh access to only allow the svnserve command,
you might lose the ability to have a control master?
If we haven't been doing that trick, is it any more dangerous
to use the file protocol than svn+ssh? And by dangerous, I'm not
referring to susceptibility to intentional tampering... I trust the small
team of developers that have access this directory. For example,
are there any simultaneous access susceptibilities with the file
protocol to an NFS repository that don't exist with svn+ssh?
To work around the speed problems we've been having with
svn+ssh, I was considering a hybrid file protocol and svn+ssh
like this... We export the svn repository directory as read only
to our developer workstations. When people check out or
update, they do so via the file protocol. Then, before commits,
we svn switch to an svn+ssh protocol to a server secured as
shown in the above link. This doesn't prevent evil developers
from reading the code, but it seems like it does prevent them
from messing with the repository. Does this sound reasonable?
svn switch seems to be pretty fast especially when compared
to 5 minute checkouts that we've been experiencing lately.
Thanks,
David
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-11-03 20:04:31 CET