On Aug 23, 2009, at 9:41 PM, Erick Calder wrote:
> On Aug 14, 2009, at 11:47 PM, Ryan Schmidt wrote:
>> On Aug 15, 2009, at 00:47, Erick Calder wrote:
>>>> Stop right there. Proceed *DIRECTLY* to the use of svn+ssh to get a
>>>> much better security model. Subversion's tendency to store
>>>> in clear text is very nasty, and this is the most reliable fix
>>>> for it,
>>>> one used by Slashdot and other security conscious systems
>>> the svn+ssh model is problematic because I really don't want to give
>>> system accounts to those that will use svn...
>> Fortunately, you don't need to. :) Everyone can share a single
>> account to access Subversion on the server via svn+ssh. See this FAQ:
> thanks for the link, I read through the docs and got it to work. it
> would have helped to indicate that I now have to access the repo
> like svn+ssh://myserver/repo-path/project, instead of svn://myserver/
> project... but I figured it out. I checked out a project, made a
> change to a file and tried to commit it but I get the following error:
> ekkis_at_aprilis:~/Development/janus/DB/Ent/trunk # svn commit
> Sending trunk/Ent.pm
> Transmitting file data .svn: Commit failed (details follow):
> svn: Can't open file '/var/svn/db/txn-current-lock': Permission denied
> my repo is located at /var/svn and I've set its ownership to svn:svn
> so I'm guessing my account doesn't have write permissions... my
> question is: since my account "ekkis" does not exist on the server
> (I used the --tunnel-user option in the "command" portion of the
> authorized_keys2 file), how do I add it to the svn group?
> or else... how is this supposed to work?
> TIA - ekkis
ok, I figured it out. the answer is users need to come into the box
as user "svn" i.e.
export SVN_SSH="ssh -l svn -i $HOME/.ssh/id_rsa"
I'd like to write a little mini-HOWTO because with current
documentation I still had to struggle too much... if I do, where's a
good place to put it that others will find it?
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-24 07:23:54 CEST