[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve serving svn repos with questions

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Mon, 18 Jul 2011 13:18:16 +0200

2011/7/18 Thorsten Schöning <tschoening_at_am-soft.de>:
> Guten Tag David Mehler,
> am Samstag, 16. Juli 2011 um 18:46 schrieben Sie:
>
>> I'm wanting to ensure encryption of data while traveling from the
>> server to the client so am looking in to cyrus-sasl, though not
>> finding what i'm looking for.
>
> What exactly are you missing?
>
> http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.svnserve.sasl

And is there any reason not to use svn+ssh:// or https://

>> I'm also needing to separate users. For example, user1 has access to
>> only repos1 while user2 has only access to repos2 but not repos1.
>> Under their respective repos' each user can commit their own projects
>> and manage them.
>
> This is easy, each repository has it's own user configuration per
> default and per repository you can use path based access control, if
> needed.
>
> http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.svnserve.auth
>
>> I would have gone with an svn+ssh access, but don't want to give out
>> system accounts, and none of my user's want their repos visible to an
>> httpd server so apache is out.
>
> How about creating new users just for svn access? Else, a simple VPN
> using OpenVPN could be solution, too, depending on how you trust your
> users etc.

Oh, my! You don't have to give system accounts!!! You use a shared
account, called "svn", for write access.

The URL's would be "svn+ssh://svn@hostname/reponame", and you'd use
SSH keys with a "command" option, as documented at
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks.fixedcmd.

There's a missing option in the documentation, the "--root" option.
For a set of shared SVN repostories at "/var/svn/", the saved keys
would look something like this:

      command="svnserve -t --tunnel-user=username
--root=/var/svn",no-port-forwarding,no-agent-forw
arding,no-X11-forwarding,no-pty TYPE1 KEY1 username_at_example.com

The repo at /var/svn/repo1 would be accessed with the URL
svn+ssh://svn@hostname/repo1/

>
> Mit freundlichen Grüßen,
>
> Thorsten Schöning
>
> --
> Thorsten Schöning
> AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig
>
> Telefon: Potsdam: 0331-743881-0
> E-Mail:  tschoening_at_am-soft.de
> Web:     http://www.am-soft.de
>
> AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam
> Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow
>
>
Received on 2011-07-18 13:18:50 CEST

This is an archived mail posted to the Subversion Users mailing list.