[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: empty pre-commit hook fails with svn+ssh with some accounts

From: Daniel Neuberger <daniel.neuberger_at_gmail.com>
Date: Thu, 21 Jul 2011 11:05:30 -0400

On Thu, Jul 21, 2011 at 10:51 AM, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:
> Stop *RIGHT* there. Go grab the Subverson 1.6.x from the RHEL updates.
> Do not pass go, do not collect $200 until you do this sitewide.  There
> are significant security and performance improvements, well worth the
> update pain.
Okay, we plan to do that asap, but it will take at least a little
time. In the meantime, there's no reason to believe that's causing my
problem though, right?

> That said, putting "suid" bits on svnserve is just begging for
> confusing pain in a configuration that no one has been using. Can you
> not use the svn+ssh shared account access, with SSH keys restricted to
> svnserve tunnel access, as documented in the Subversion Red Book?
That's what we're doing but the repository is owned by a separate user
as an additional security measure so that if someone somehow gains
shell access to the shared account, they won't be able to delete the
repository or anything like that. Do you think there's anyway to make
it work this way?

Thanks for the help.

- Daniel
Received on 2011-07-21 17:06:05 CEST

This is an archived mail posted to the Subversion Users mailing list.