[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository version 1.5+ breaks security model?

From: David Bauer <astgtciv2009_at_gatech.edu>
Date: Tue, 28 Apr 2009 11:52:41 -0400 (EDT)

> How are your users accessing the Subversion repository. Please tell me
> they're not using the file:// protocol.

Users use file:// when on the server and ssh+svn (svnserve -t with SSH keys) remotely.
Is there a reason to not use the file:// protocol? The only thing in the FAQ that seems relevant refers to both file:// and ssh+svn://, implying any problems are the same in both places.

> To prevent unauthorized users from making changes, you can use a
> pre-commit hook to verify that the user has the right permission for
> making modification. There is an excellent Python script that you can
> use.

Will this require the repository to be owned by a dedicated svnuser account?
I'm guessing that this means for remote access, everybody logs in using SSH to the same user account, and are then differentiated by different SSH keys?



To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-28 17:53:32 CEST

This is an archived mail posted to the Subversion Users mailing list.