Re: Per-module access to users with svn+ssh ?

From: Tino Schwarze <subversion.lists_at_tisc.de>
Date: Fri, 30 Apr 2010 11:36:42 +0200

On Fri, Apr 30, 2010 at 11:16:20AM +0200, Ernest Beinrohr wrote:

> Hi, i would like to limit access on modules (dirs) to different group of
> people. Currenly we are providing svn+ssh (on fsfs svn) access, where
> the ssh server uses LDAP to get its auth information.
>
> How can we define permissions? In CVS it was quite easy as files were
> files and normal unix permissions applied.
>
> PS: it such permissions can only be granted with another access method,
> please let me know.

You cannot limit permissions if your users access the repository
directly. There is a workaround for svn+ssh though: Limit access to the
repository to a special user (e.g. svn) via .ssh/authorized_keys like this:

command="/usr/bin/svnserve -t --tunnel-user=username -r
/path/to/repository",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
ssh-dss AAAAB3Nza...ssh-public-key... user_at_host

Then each user just needs a public/private ssh key pair for access. And
connects to the server via svn+ssh://svn@yourserver/ and you can use the
authz file to configure authorization.

HTH,

Tino.

-- 
"What we nourish flourishes." - "Was wir nähren erblüht."
www.lichtkreis-chemnitz.de
www.tisc.de

Received on 2010-04-30 11:37:15 CEST

This message: [ Message body ]
Next message: Ravi Roy: "What file system structure a SVN transaction follow ?"
Previous message: Ernest Beinrohr: "Per-module access to users with svn+ssh ?"
In reply to: Ernest Beinrohr: "Per-module access to users with svn+ssh ?"
Next in thread: Ernest Beinrohr: "Re: Per-module access to users with svn+ssh ?"
Reply: Ernest Beinrohr: "Re: Per-module access to users with svn+ssh ?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]