[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository version 1.5+ breaks security model?

From: David Bauer <astgtciv2009_at_gatech.edu>
Date: Tue, 28 Apr 2009 11:52:41 -0400 (EDT)

> How are your users accessing the Subversion repository. Please tell me
> they're not using the file:// protocol.

Users use file:// when on the server and ssh+svn (svnserve -t with SSH keys) remotely.
Is there a reason to not use the file:// protocol? The only thing in the FAQ that seems relevant refers to both file:// and ssh+svn://, implying any problems are the same in both places.

> To prevent unauthorized users from making changes, you can use a
> pre-commit hook to verify that the user has the right permission for
> making modification. There is an excellent Python script that you can
> use.

Will this require the repository to be owned by a dedicated svnuser account?
I'm guessing that this means for remote access, everybody logs in using SSH to the same user account, and are then differentiated by different SSH keys?

David

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1964990

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-28 17:53:32 CEST

This is an archived mail posted to the Subversion Users mailing list.