[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: strange reaction from post-commit hook

From: J. Bakshi <joydeep_at_infoservices.in>
Date: Fri, 05 Jun 2009 16:07:31 +0530

Ryan Schmidt wrote:
>
> On Jun 5, 2009, at 04:03, J. Bakshi wrote:
>
>> Based on your previous discussion I have just change /sbin/nologin to
>> /bin/bash of apache entry in /etc/password and assigned it a password.
>> then I login as apache user and did a "svn list" to accept the
>> certificate. After that the commit and hooks are working perfectly
>> Ok :-)
>> Thanks for your help. It really made me fixing the problem. I find it
>> little bit easier than the file:/// protocol you have mentioned above.
>> Specially the users on linux/wimdows client uses their GUI tool and
>> there it would not be possible to fire up the script as apache user.
>
> Your users don't need to do anything. All that you, in your role as
> server administrator, need to do, is relocate the POSTCOMMIT working
> copy to the file:// protocol, one single time. That's all. Your users
> will continue to use the https:// protocol.
>
> Giving your apache user a login shell is a security vulnerability and
> thus not recommended. Instead of this, if you insist on keeping the
> working copy checked out from http or https, you can use the
> --config-dir option to the "svn" command to tell it where to look for
> its config directory.

Hello Ryan,

yes you are right that providing a shell access is actually a security
risk And I don't like to have that hole in my server. The first option
which you have suggested to use --relocate is very much attractive to me
as it only requires to modify the hook script only and transparent to
the users.

I tried the file:// protocol like

````````````````````````````````````
svn switch --relocate \
https://192.168.1.1:443/repos/test \
file:///hoem/SVN/test \
/var/www/html/POSTCOMMIT
````````````````````````````

This update the repo successfully. But what to do to update the working
copy ?
I already tried to add

````````````````````
/usr/bin/svn up /var/www/html/POSTCOMMIT
`````````````````````````````````

after the above code and it again asked for the certificate. I have
already disabled the login facility of apache.

>
>
>> Though there is some permission problem if I use samba. In post-commit
>> if I use a samba mount point like
>
> I have also seen issues when trying to use svn commands on an smb
> mount point. I cannot help you resolve them.

Never Mind. You have already helped me ALOT.........
millions of thanks

>
>

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2359649

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-05 12:38:36 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.