[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svnserve logging with svn+ssh://singleuser@host via wrapper

From: Ted Stern <dodecatheon_at_gmail.com>
Date: Tue, 10 Feb 2009 15:56:43 -0800

Hi all,

I'm working with source code that has fairly strict access
requirements, so I want to keep access as secure as possible.

It is also a bit difficult dealing with IT support for web servers,
etc., so I've been led to the svn+ssh mode via a single account, using
the authorized_keys trick to tell svnserve how to distinguish users.

I've set up the repository as readable only by the special account, so
the only access is the one I've set up.

There are a few things that might change, so instead of starting
svnserve directly, I put it in a wrapper script:

authorized_keys:

   command="/home/special/bin/svnserve_wrapper userid" TYPE KEY COMMENT

wrapper script:

   #!/bin/bash
   umask 077
   export PATH=/path/to/svnserve:$PATH
   SVNBASE=/path/to/repos

   userid=$1
   shift

   exec svnserve -t --tunnel-user=$userid -r $SVNBASE ${1+"$@"}

This is all well and good, and it works just fine. But I'd like to
add a little bit of minimal logging too, and this is where I encounter
my problem. I want to see who is accessing the repository, and when,
so I put this line in before exec'ing the real svnserve:

   echo `date "+%Y-%X"` "$@" >> ~/logs/logfile

The problem is, there are no arguments other than the userid, as
specified in the authorized_keys 'command=' string!

Perhaps I'm misunderstanding how svn+ssh access works ... how are the
svn arguments being passed to svnserve? Through stdin somehow? How
would I extract that?

Ted

-- 
 Frango ut patefaciam -- I break so that I may reveal
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1136415
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-02-11 00:58:06 CET

This is an archived mail posted to the Subversion Users mailing list.