subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <nka...@gmail.com>
Subject Re: svnserve serving svn repos with questions
Date Mon, 18 Jul 2011 11:20:04 GMT
[ Accidentally replied only to Thorsten, sending to list. ]

2011/7/18 Nico Kadel-Garcia <nkadel@gmail.com>:
> 2011/7/18 Thorsten Schöning <tschoening@am-soft.de>:
>> Guten Tag David Mehler,
>> am Samstag, 16. Juli 2011 um 18:46 schrieben Sie:
>>
>>> I'm wanting to ensure encryption of data while traveling from the
>>> server to the client so am looking in to cyrus-sasl, though not
>>> finding what i'm looking for.
>>
>> What exactly are you missing?
>>
>> http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.svnserve.sasl
>
> And is there any reason not to use svn+ssh:// or https://
>
>>> I'm also needing to separate users. For example, user1 has access to
>>> only repos1 while user2 has only access to repos2 but not repos1.
>>> Under their respective repos' each user can commit their own projects
>>> and manage them.
>>
>> This is easy, each repository has it's own user configuration per
>> default and per repository you can use path based access control, if
>> needed.
>>
>> http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.svnserve.auth
>>
>>> I would have gone with an svn+ssh access, but don't want to give out
>>> system accounts, and none of my user's want their repos visible to an
>>> httpd server so apache is out.
>>
>> How about creating new users just for svn access? Else, a simple VPN
>> using OpenVPN could be solution, too, depending on how you trust your
>> users etc.
>
> Oh, my! You don't have to give system accounts!!! You use a shared
> account, called "svn", for write access.
>
> The URL's would be "svn+ssh://svn@hostname/reponame", and you'd use
> SSH keys with a "command" option, as documented at
> http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks.fixedcmd.
>
> There's a missing option in the documentation, the "--root" option.
> For a set of shared SVN repostories at "/var/svn/", the saved keys
> would look something like this:
>
>      command="svnserve -t --tunnel-user=username
> --root=/var/svn",no-port-forwarding,no-agent-forw
> arding,no-X11-forwarding,no-pty TYPE1 KEY1 username@example.com
>
> The repo at /var/svn/repo1 would be accessed with the URL
> svn+ssh://svn@hostname/repo1/
>
>>
>> Mit freundlichen Grüßen,
>>
>> Thorsten Schöning
>>
>> --
>> Thorsten Schöning
>> AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig
>>
>> Telefon: Potsdam: 0331-743881-0
>> E-Mail:  tschoening@am-soft.de
>> Web:     http://www.am-soft.de
>>
>> AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam
>> Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow
>>
>>
>

Mime
View raw message