[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion: existing users

From: Andy Canfield <andy.canfield_at_pimco.mobi>
Date: Wed, 20 Jul 2011 09:30:39 +0700

On 07/20/2011 05:24 AM, Nico Kadel-Garcia wrote:
> On Tue, Jul 19, 2011 at 12:16 PM, Bob Archer<Bob.Archer_at_amsi.com> wrote:
>>> The most obvious authorization scheme is that of the host server;
>>> if
>>> there is a user named "andy" on that server with a password
>>> "jackel"
>>> then I would like to simply be able to talk to the subversion
>>> server as
>>> user named "andy" password "jackel". This is how ssh and sftp work.
>>> But
>>> apparently subversion can't handle that. True?
>> I would say FALSE.
>>
>> BOb
> It's feasible, but problematic. The solution involves giving "andy" a
> valid account on that machine, one with a local or network password,
User 'andy' already has a valid ssh/sftp login account on that machine.
Access to anything is controlled by the usual *nix mechanisms (in this
case OS X).
> because the "andy" account needs to be able to run the "svnserve"
> program. And doing this leads to risks of exposing the rest of the
> system to all your Subversion users. Also, group ownership to a shared
> repository needs to be carefully managed, and it puts the repository
> at risk of malcious users simply logging in and deleting bits from the
> Subversoin database.
My concept, which may be wrong, was that snvserve is run at boot time,
probably as user 'root' but possibly as a different user set up for this
task. I had assumed that the repositories in /var/svn/* are owned by the
svnserve user, and that the client (svn) can run on any computer in the
network. Then svn talks to svnserve via port 3690 and svnserve checks
the authentication (valid user name & password) and authorization
(permissions) and then svnserve does whatever is requested to the
particular repository (/var/svn/RepoName).

Apparently I'm wrong, since you say that user 'andy' has to run svnserve
himself. If we do this for 'andy' and "bill' does this mean we're
running two copies of svnserve at the same time, one as user 'andy' and
the other as user 'bill'?

For example, I am on a Linux box named Lenny, logged in as 'andy'. I can
ssh to hk.pimco.mobi as user 'andy', password 'psuedo'. But I don't want
to. Instead, I would like to run the command:
     svn ... http://hk.pimco.mobi/svn/RepoName --username=andy
--password=psuedo
I would expect this to work, with svnserver on hk.pimco.mobi having been
run at boot time and /var/svn/RepoName being a valid Subversion
repository. This requires that svnserve be pointed to a svnserve.conf
file which validates users based on their standard *nix login names and
passwords.

But this does not match what you are telling me. Apparently my brain is
pointed 89 degrees off from the direction your brain is pointed. Please
point me in the right direction.

Thank you.

> The only well supported solution to this, so far, is to use SSH keys
> for a shared account, and to use those keys to use a forced "command"
> for that shared account, a "command" that enforces the user's name for
> that particular svnserve instance.
>
> I've previously tried, myself, to help set up a restricted shell for
> just such access, starting with the "rssh" tool, but didn't get very
> far. That would be a significant security improvement, and help
> protect the rest of the OS from unauthorized access with valid
> Subversion logins with Kerberized or other account access, rather than
> SSH keys.
>
Received on 2011-07-20 04:31:21 CEST

This is an archived mail posted to the Subversion Users mailing list.