[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: server config

From: David Chapman <dcchapman_at_acm.org>
Date: Mon, 19 Aug 2013 12:51:03 -0700

On 8/19/2013 12:13 PM, Scott Frankel wrote:
>>> This is my first brush with Apache, OpenSSL, and general server config. Thanks in advance for your suggestions! BTW, I'm not subscribed and would appreciate being cc'd on any replies.
>>> Scott
>>>
>>>
>>>
>>> <Location /svn>
>>> DAV svn
>>> SVNParentPath /var/svn
>>>
>>> # Authentication: Digest
>>> AuthName "Subversion repository"
>>> AuthType Digest
>>> AuthUserFile /etc/svn-auth.htdigest
>>>
>>> # Authorization: Authenticated users only
>>> Require valid-user
>>> </Location>
>>>
>>>
>> How many repositories do you have? You shouldn't use SVNParentPath if you have only one repository; use SVNPath. I don't know if that is the direct cause of your problem, but you should fix it.
> I chose to use SVNParentPath on purpose. As soon as I have a secure, working server config, I'll be hosting multiple repos. Daniel and Thomas, thanks for your suggestions.

My standard operating procedure is to get things working properly with a
simple configuration, then add features one at a time. This helps
isolate problems, especially when you are a beginner. I have
<VirtualHost> containers in my httpd.conf files for various Web sites,
domains, and SVN repositories, and you better believe I didn't try to
configure everything at once!

Try using SVNPath the first time and get it working securely before
adding new capabilities. It's trivial to move a repository directory
under Unix-like systems (and not very hard under Windows) to set up
SVNParentPath later, so there is no reason to use SVNParentPath for a
single repository.

One last question, just in case: did you run "svnadmin create /var/svn"
or "svnadmin create /var/svn/repo1"? In other words, is "/var/svn" a
repository or a directory in which a repository was created? The
directory in SVNParentPath shouldn't point to a repository, but to the
parent directory of the repository (and its friends). I don't know if
this would cause the security issues you are seeing, but it is a common
enough mistake that I thought I would ask.

-- 
     David Chapman      dcchapman_at_acm.org
     Chapman Consulting -- San Jose, CA
     Software Development Done Right.
     www.chapman-consulting-sj.com
Received on 2013-08-19 21:51:47 CEST

This is an archived mail posted to the Subversion Users mailing list.