[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository version 1.5+ breaks security model?

From: David Weintraub <qazwart_at_gmail.com>
Date: Tue, 28 Apr 2009 12:13:53 -0400

On Tue, Apr 28, 2009 at 11:52 AM, David Bauer <astgtciv2009_at_gatech.edu> wrote:
> Is there a reason to not use the file:// protocol? The only thing
> in the FAQ that seems relevant refers to both file:// and ssh+svn://,
> implying any problems are the same in both places.

You don't use the file:// protocol when you have more than one user in
your repository because users have direct access to the repository --
a big no-no. A user could dump the repository, manipulate that dump,
then restore it over the official repository, completely changing your
repository history. And, there is nothing you could do to prevent
this.

Yes, you can have the same issues with ssh+svn://, but it is
recommended that you store your Subversion repository on a system
without user login access. The only way users can manipulate the
repository is via the svnserve process they startup when they connect
to the server. The Subversion manual goes through a whole slew of
configuration tricks to keep users away from direct repository access.

The file:// protocol is for private repositories where I don't want to
go through the bother or effort to setup a server. Personally, I never
use the file:// protocol since I find it easy enough to setup the
svnserve process.

The only reason I use the file:// protocol is when I put the
Subversion repository on my Dropbox <http://getdropbox>. This way, I
have access to my repository from any machine. I can't use svnserve
because I would have multiple svnserve processes on different
computers trying to maintain the same repository.

On Tue, Apr 28, 2009 at 11:52 AM, David Bauer <astgtciv2009_at_gatech.edu> wrote:
>> How are your users accessing the Subversion repository. Please tell me
>> they're not using the file:// protocol.
>
> Users use file:// when on the server and ssh+svn (svnserve -t with SSH keys) remotely.
> Is there a reason to not use the file:// protocol?  The only thing in the FAQ that seems relevant refers to both file:// and ssh+svn://, implying any problems are the same in both places.
>
>
>> To prevent unauthorized users from making changes, you can use a
>> pre-commit hook to verify that the user has the right permission for
>> making modification. There is an excellent Python script that you can
>> use.
>
> Will this require the repository to be owned by a dedicated svnuser account?
> I'm guessing that this means for remote access, everybody logs in using SSH to the same user account, and are then differentiated by different SSH keys?
>
>
> David
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1964990
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
>

-- 
David Weintraub
qazwart_at_gmail.com
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1965381
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-28 18:15:21 CEST

This is an archived mail posted to the Subversion Users mailing list.