RE: Subversion: existing users

From: Bert Huijben <bert_at_qqmail.nl>
Date: Wed, 20 Jul 2011 04:34:38 +0200

> -----Original Message-----
> From: Andy Canfield [mailto:andy.canfield_at_pimco.mobi]
> Sent: Wednesday 20 July 2011 4:31
> To: Nico Kadel-Garcia
> Cc: Bob Archer; users_at_subversion.apache.org
> Subject: Re: Subversion: existing users
>
>
>
> On 07/20/2011 05:24 AM, Nico Kadel-Garcia wrote:
> > On Tue, Jul 19, 2011 at 12:16 PM, Bob Archer <Bob.Archer_at_amsi.com> wrote:
> >>> The most obvious authorization scheme is that of the host server; if
> >>> there is a user named "andy" on that server with a password "jackel"
> >>> then I would like to simply be able to talk to the subversion server as
> >>> user named "andy" password "jackel". This is how ssh and sftp work. But
> >>> apparently subversion can't handle that. True?
> >> I would say FALSE.
> >>
> >> Bob
> > It's feasible, but problematic. The solution involves giving "andy" a
> > valid account on that machine, one with a local or network password,
> User 'andy' already has a valid ssh/sftp login account on that machine.
> Access to anything is controlled by the usual *nix mechanisms (in this
> case OS X).
> > because the "andy" account needs to be able to run the "svnserve"
> > program. And doing this leads to risks of exposing the rest of the
> > system to all your Subversion users. Also, group ownership to a shared
> > repository needs to be carefully managed, and it puts the repository
> > at risk of malicious users simply logging in and deleting bits from the
> > Subversion database.
> My concept, which may be wrong, was that svnserve is run at boot time,
> probably as user 'root' but possibly as a different user set up for this
> task. I had assumed that the repositories in /var/svn/* are owned by the
> svnserve user, and that the client (svn) can run on any computer in the
> network. Then svn talks to svnserve via port 3690 and svnserve checks
> the authentication (valid user name & password) and authorization
> (permissions) and then svnserve does whatever is requested to the
> particular repository (/var/svn/RepoName).
>
> Apparently I'm wrong, since you say that user 'andy' has to run svnserve
> himself. If we do this for 'andy' and 'bill' does this mean we're
> running two copies of svnserve at the same time, one as user 'andy' and
> the other as user 'bill'?

Svnserve can be used in two different modes.

If you use svnserve via svn:// things work as you assumed.

But if you use svn+ssh:// svnserve is started as the user who creates the ssh tunnel (as described in this mail).

        Bert
Received on 2011-07-20 04:35:18 CEST

This is an archived mail posted to the Subversion Users mailing list.
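
An added example, not part of the archived mail or of Subversion itself: in svn+ssh:// mode each user starts svnserve through their own SSH login, so what else that login can do depends on the options on their key in OpenSSH's `authorized_keys`. The sketch below audits such lines for a forced `svnserve -t` command and the standard lockdown options; it assumes key-based logins, and the function names, sample users and key material are constructed placeholders.

```python
import shlex

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def parse_options(line):
    """Return the options of one authorized_keys line as {name: value}."""
    if line.startswith(KEY_TYPES):          # starts with the key type: no options
        return {}
    items, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            quoted = not quoted             # quotes delimit values; drop them
        elif ch == "," and not quoted:
            items.append(cur); cur = ""
        elif ch.isspace() and not quoted:
            break                           # first unquoted blank ends the options
        else:
            cur += ch
    items.append(cur)
    return {k.lower(): v for k, _, v in (item.partition("=") for item in items)}

def audit_key(line):
    """List the ways this key lets its owner do more than talk to svnserve."""
    opts, problems = parse_options(line), []
    argv = shlex.split(opts.get("command", ""))
    if "command" not in opts:
        problems.append("no forced command: key opens a normal login shell")
    elif not argv or argv[0].rsplit("/", 1)[-1] != "svnserve" or "-t" not in argv:
        problems.append("forced command is not 'svnserve -t'")
    # 'restrict' switches every lockdown on unless an option re-enables one.
    off = {o for o in LOCKDOWN if (o[3:] in opts if "restrict" in opts else o not in opts)}
    return problems + [f"{o} not in effect" for o in sorted(off)]

def audit_file(text):
    """Map line number -> problems for each key line that has any."""
    lines = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)]
    found = {n: audit_key(l) for n, l in lines if l and not l.startswith("#")}
    return {n: p for n, p in found.items() if p}

# Constructed sample; key material and user names are placeholders.
SAMPLE = """\
ssh-ed25519 AAAAPLACEHOLDER andy@laptop
command="svnserve -t -r /var/svn",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAPLACEHOLDER bill@desk
command="/bin/sh",restrict,pty ssh-rsa AAAAPLACEHOLDER carol@home
"""

if __name__ == "__main__":
    for n, found in audit_file(SAMPLE).items():
        print(f"line {n}: " + "; ".join(found))
```

A clean result only limits what the SSH session can run; the tunnelled svnserve still acts on the repository files with that user's own filesystem permissions.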