[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Subversion repository config problem

From: Tony Butt <Tony.Butt_at_cea.com.au>
Date: Thu, 10 Nov 2011 18:14:33 +1100

On Thu, 2011-11-10 at 06:59 +0000, Cooke, Mark wrote:
>
> > The second problem is that we run trac, and (as recommended
> > by the trac project) use post-commit hooks to log repository
> > changes into the trac timeline. This fails when svn+ssh://
> > is used, as the process owner does not have permission to
> > use trac-admin in that way.
>
> ...as a trac user (but being a windoze shop, not svn+ssh) I was wondering, is this a fundamental trac problem or a local configuration issue? If it is trac then it should be reported to trac-users too...
Normally your svn+ssh process runs as the user who's credentials were
supplied. Trac-admin does not allow general users to do much of anything
on a linux box, not sure about windows.

I would say it was a fundamental trac problem, resulting from a
collision of 2 sets of assumptions for security. That is, svnserve will
run as a local, authenticated user for security, audit trail, etc.
trac-admin will only update the timeline (or make any other change) if
it is superuser (or somesuch).

There might be a way to configure trac-admin to allow anyone to make
those changes, but that exposes the trac installation to greater risk.

Sigh - I will just strongly suggets to our engineers that they use
http:// protocol only, most do already.

Tony
>
> ~ mark c

Received on 2011-11-10 08:15:48 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.