On Thu, Feb 9, 2012 at 1:59 AM, <d.guthmann_at_gmx.net> wrote:
> we run a subversion-server with apache and access it through https. Now we want to grant also external developers access to our repositories.
> As subversion-client we use subclipse via JavaHL under Windows. The https-Port on the server is not reachable from any external network.
> I've now found the subversion-feature "svn+ssh" and I would like to use it as a tunnel from those external developers computer.
> So the URL would be "svn+ssh://user@hostname:220/srv/svn/project/" - normally we use the URL "https://hostname/repos/projekt/"
> Would it work properly (e.g. executing hooks) or is it a problem to access one repository in two different ways? The URL "svn+ssh://user@hostname:220/srv/svn/projekt/" suggests that we are bypassing the svn-Module...
As somone who strongly encourages the use of svn+ssh for security
reasons, I can tell you there are security model differences. The
ownership of the repository for Apache access is usually "apache". The
ownership for svn+ssh, or svn, is usually a designated user such as
"svn", so you have to make sure the repository is accessible to
read/write for both users, *or* switch entirely to svn+ssh for write
access, or do somethng complicated. There are complicated ways to do
this, but I don't recomend them.
You'll also need to rethink your password handling or key access
model. Since the svn+ssh access works best with SSH keys designed to
force the "svnserve" command with a hardcoded user name, you'll need
a method to handle the SSH keys, both to add them and to expire them
The Subversion "red book" is actually quite good about explaining
this: it doesn't go into as much detail about supporting multiple
access methods as you might like.
> We also use some access-control features like "AuthzSVNAccessFile" in the Apache-configuration - am I right assuming that those access-control doesn't take effect when accessing over svn+ssh://?
I'm afraid not. You'll need to use some of the more Subversion
internal systems, such as pre-commit.
> Thanks in Advance.
> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Received on 2012-02-09 08:10:27 CET