subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <nka...@gmail.com>
Subject Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
Date Mon, 25 Nov 2013 10:35:12 GMT
Gatting Apache to run suid processes  and spawn mod_dav_svn processes
has never worked for me, but it's been a long time since I tried it.
It's also unnecessary in most setups: if the svn+ssh is owned by a
single designated user, such as an "svn" user, with SSH heys stored
for to apply the "ForceCommand" and set the particular svnserve  user,
then there is a common user's credentials that the Apache daemon
merely needs write access to. That can be done with group permissions.

It's not as safe as you might like, since the Apache related group and
other hacked access to the web server could provide read and write
repository access  But one can provide both means of access,
especially to share a publicly accessible repository.

On Mon, Nov 25, 2013 at 5:24 AM,  <sbremal@hotmail.com> wrote:
> Correct, default SSH port is not open on the corporate firewall. I am sure there are
workarounds, however having contractual obligations not sure I should try hard to be unorthodox.
>
> SSH + SVN is my favourite and will stay with it as the primary access method. If I could
top it with HTTP access using the existing Unix authentication and authorization framework,
I would be more than happy. After all Unix works for tens of years, why to change it???
>
> Other alternative would be to force Apache to spawn MOD_DAV_SVN processes as the authenticated
user, wonder if it is possible, or has any inadvertent complications.
>
>
> B.
>
> ----------------------------------------
>> Date: Sat, 23 Nov 2013 01:07:16 +0200
>> From: d.s@daniel.shahaf.name
>> To: sbremal@hotmail.com
>> CC: users@subversion.apache.org
>> Subject: Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
>>
>> sbremal@hotmail.com wrote on Thu, Nov 21, 2013 at 18:37:21 +0000:
>>> I am very happy with the SSH + 'svnserve' access to my repositories,
>>> however due to firewall issues I need access through HTTP as well.
>>> What I do not want is to set up a 2nd authentication / authorization
>>> database.
>>
>> What are the "firewall issues", exactly? Why can't you use svn+ssh?
>> Can you run sshd on port 80 (which would allow you to use svn+ssh
>> without httpd at all)?
>>
>> Daniel

Mime
View raw message