On Fri, Jul 23, 2010 at 6:25 AM, Ulf Seltmann <seltmann_at_digitalzone.de> wrote:
> Hello all,
>
> i'm hav a multihost environment and i want to provide svn access for
> arbitrary customers via dav_svn. is there a solution to have the
> svn-directories of the users only available to the unix-users of the
> customer instead to make them writable to the apache user (which mod_dav_svn
> is using due to the fact that its an apache-module?
Yes. Switch *EVERYONE* to ssh+svn for protected access, because https
and http and svn access all still have the issue of the UNIX or Linux
clients saving passwords in cleartext, with no way for the server to
prevent it. Or insist that UNIX users also use https: there is no
reasonable excuse for providing direct write access to the repository
as other users.
> maybe it is possible to use cgi-access to svnserve to use suexec?
It gets tricky. ssh+svn allows you to channel all access to go through
a particular 'uid' that has the correct permissions set to be able to
write to the repository. It's possible to set the repository
permissions with group permissions, and directory permissions of 4775,
to have a shared group of which the "apache" user is a member. But I
prefer, very strongly, to force the Subversion repository to be owned
by a single user for management and permissions control.
Received on 2010-07-24 04:47:22 CEST