[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Not authorized to open root of edit operation

From: Stephen Bloch <sbloch_at_adelphi.edu>
Date: Fri, 21 Nov 2008 10:47:53 -0500

On Nov 21, 2008, at 9:33 AM, David Weintraub wrote:

> Just a quick question: If you're using Mac OS X, why not run your
> Subversion repository on that machine? Subversion comes on the Mac. If
> your whole purpose is to play around with Subversion and to teach it
> to your students, you really don't need a public server.

I was more interested in convincing them that Subversion is useful
(they've never used ANY version-control or collaboration software
before) than in teaching them how to run a server, which they can
learn later if they wish. And Subversion is much more useful on a
public server than not. In particular, I'm using it to work on my
own version-controlled project on my home and office Macs (both of
which are behind NAT firewalls) without carrying it back and forth on
a flash drive.

> And, you specially don't need the headaches of using svn+ssh.

As I understand it, svn+ssh protocol means that you authenticate via
regular Unix accounts on the server machine, each session starts a
new svnserve daemon, and you have access to anything that your Unix
account on the server machine has access to.

What we're doing instead is svn protocol through an ssh tunnel. We
authenticate to set up the tunnel via Unix accounts on a different
machine which I'll call the "gatekeeper" (on which my students all
already had accounts), and then again through svn's passwd system on
the server machine. This way

1) the students don't all need full Unix accounts on the server machine;
2) I have one svnserve instance running at all times, rather than
starting a new one for each request;
3) we can use path-based access control within svn; and yet
4) anybody who makes a request of the svn server must have gotten
there through the gatekeeper machine, so we have an added layer of
authentication and logging.

Stephen Bloch
sbloch_at_adelphi.edu

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-11-21 17:14:03 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.