J. Bakshi wrote:
> J. Bakshi wrote:
>
>> Ryan Schmidt wrote:
>>
>>
>>> On Jun 5, 2009, at 04:03, J. Bakshi wrote:
>>>
>>>
>>>
>>>> Based on your previous discussion I have just change /sbin/nologin to
>>>> /bin/bash of apache entry in /etc/password and assigned it a password.
>>>> then I login as apache user and did a "svn list" to accept the
>>>> certificate. After that the commit and hooks are working perfectly
>>>> Ok :-)
>>>> Thanks for your help. It really made me fixing the problem. I find it
>>>> little bit easier than the file:/// protocol you have mentioned above.
>>>> Specially the users on linux/wimdows client uses their GUI tool and
>>>> there it would not be possible to fire up the script as apache user.
>>>>
>>>>
>>> Your users don't need to do anything. All that you, in your role as
>>> server administrator, need to do, is relocate the POSTCOMMIT working
>>> copy to the file:// protocol, one single time. That's all. Your users
>>> will continue to use the https:// protocol.
>>>
>>> Giving your apache user a login shell is a security vulnerability and
>>> thus not recommended. Instead of this, if you insist on keeping the
>>> working copy checked out from http or https, you can use the
>>> --config-dir option to the "svn" command to tell it where to look for
>>> its config directory.
>>>
>>>
>> Hello Ryan,
>>
>> yes you are right that providing a shell access is actually a security
>> risk And I don't like to have that hole in my server. The first option
>> which you have suggested to use --relocate is very much attractive to me
>> as it only requires to modify the hook script only and transparent to
>> the users.
>>
>> I tried the file:// protocol like
>>
>> ````````````````````````````````````
>> svn switch --relocate \
>> https://192.168.1.1:443/repos/test \
>> file:///hoem/SVN/test \
>> /var/www/html/POSTCOMMIT
>> ````````````````````````````
>>
>> This update the repo successfully. But what to do to update the working
>> copy ?
>> I already tried to add
>>
>> ````````````````````
>> /usr/bin/svn up /var/www/html/POSTCOMMIT
>> `````````````````````````````````
>>
>> after the above code and it again asked for the certificate. I have
>> already disabled the login facility of apache.
>>
>>
>
> I have just discovered this error when running the command manually :-(
>
> svn switch --relocate https://192.168.1.1/repos/test
> file:///home/SVN/test /var/www/html/POSTCOMMIT
>
> svn: Relocate can only change the repository part of an URL
>
Ryan great news.
Now everything is working fine ( and apache has no login shell :-) )
the script should be
`````````````````````````````````````````
svn switch --relocate https://192.168.1.1/repos/test
file:///home/SVN/testi
svn up /var/www/html/POSTCOMMIT
``````````````````````````````````````````````
Millions and millions of thanks to you for your kind guidance.
>
>>
>>
>>>
>>>
>>>> Though there is some permission problem if I use samba. In post-commit
>>>> if I use a samba mount point like
>>>>
>>>>
>>> I have also seen issues when trying to use svn commands on an smb
>>> mount point. I cannot help you resolve them.
>>>
>>>
>> Never Mind. You have already helped me ALOT.........
>> millions of thanks
>>
>>
>>
>>>
>>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2359649
>>
>> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
>>
>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2359694
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2359696
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-05 14:51:42 CEST