You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Gerard Marcel <me...@gmail.com> on 2009/04/09 04:06:56 UTC
Mirroring permission for mod-authz and svn on cli
I have setup permission in svn using mod_authz from https and that works
fine. Now while on cli I need to have the same permission for users using
the svn command. I tried the commit-access-control.pl, but it does not work
at all. Can someone provide some pointers?
TIA,
GM
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1607992
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Mirroring permission for mod-authz and svn on cli
Posted by Andy Levy <an...@gmail.com>.
On Thu, Apr 9, 2009 at 12:23, Gerard Marcel <me...@gmail.com> wrote:
> The developers have access to the server with any ssh client.
>
> Thanks a lot for answering my question.
So deny them access via the standard Linux ACLs and force them to use
https URLs.
> On Thu, Apr 9, 2009 at 12:19 PM, Andy Levy <an...@gmail.com> wrote:
>>
>> On Thu, Apr 9, 2009 at 10:35, Gerard Marcel <me...@gmail.com> wrote:
>> > Yes, and that is where I am trying to enforce the same file/directory
>> > permissions as on https. I am not clear on what to use to get that
>> > effect.
>> > I tried the included commit-access-control.pl, but it did not work.
>>
>> There is no security when using file:///. You can implement a hook
>> script, but nothing will stop users from bypassing it.
>>
>> If you already have Apache working, why do you need file:/// at all?
>>
>> > On Thu, Apr 9, 2009 at 6:30 AM, Andy Levy <an...@gmail.com> wrote:
>> >>
>> >> On Thu, Apr 9, 2009 at 00:06, Gerard Marcel <me...@gmail.com>
>> >> wrote:
>> >> > I have setup permission in svn using mod_authz from https and that
>> >> > works
>> >> > fine. Now while on cli I need to have the same permission for users
>> >> > using
>> >> > the svn command. I tried the commit-access-control.pl, but it does
>> >> > not
>> >> > work
>> >> > at all. Can someone provide some pointers?
>> >>
>> >> No matter what client you use, if you've implemented security at the
>> >> server end, it'll be enforced.
>> >>
>> >> Do you have people accessing the repository via file:/// as well as
>> >> https?
>> >
>> >
>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1616936
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Mirroring permission for mod-authz and svn on cli
Posted by Paul Koning <Pa...@dell.com>.
>>>>> "Gerard" == Gerard Marcel <me...@gmail.com> writes:
Gerard> The developers have access to the server with any ssh client.
Gerard> Thanks a lot for answering my question.
Then any security you implement in the mod_authz or similar machinery
is in fact meaningless. The thing to do is to turn off the ssh access
to the server.
paul
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1617788
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Mirroring permission for mod-authz and svn on cli
Posted by Gerard Marcel <me...@gmail.com>.
The developers have access to the server with any ssh client.
Thanks a lot for answering my question.
GM
On Thu, Apr 9, 2009 at 12:19 PM, Andy Levy <an...@gmail.com> wrote:
> On Thu, Apr 9, 2009 at 10:35, Gerard Marcel <me...@gmail.com> wrote:
> > Yes, and that is where I am trying to enforce the same file/directory
> > permissions as on https. I am not clear on what to use to get that
> effect.
> > I tried the included commit-access-control.pl, but it did not work.
>
> There is no security when using file:///. You can implement a hook
> script, but nothing will stop users from bypassing it.
>
> If you already have Apache working, why do you need file:/// at all?
>
> > On Thu, Apr 9, 2009 at 6:30 AM, Andy Levy <an...@gmail.com> wrote:
> >>
> >> On Thu, Apr 9, 2009 at 00:06, Gerard Marcel <me...@gmail.com>
> wrote:
> >> > I have setup permission in svn using mod_authz from https and that
> works
> >> > fine. Now while on cli I need to have the same permission for users
> >> > using
> >> > the svn command. I tried the commit-access-control.pl, but it does
> not
> >> > work
> >> > at all. Can someone provide some pointers?
> >>
> >> No matter what client you use, if you've implemented security at the
> >> server end, it'll be enforced.
> >>
> >> Do you have people accessing the repository via file:/// as well as
> https?
> >
> >
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1615859
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Mirroring permission for mod-authz and svn on cli
Posted by Andy Levy <an...@gmail.com>.
On Thu, Apr 9, 2009 at 10:35, Gerard Marcel <me...@gmail.com> wrote:
> Yes, and that is where I am trying to enforce the same file/directory
> permissions as on https. I am not clear on what to use to get that effect.
> I tried the included commit-access-control.pl, but it did not work.
There is no security when using file:///. You can implement a hook
script, but nothing will stop users from bypassing it.
If you already have Apache working, why do you need file:/// at all?
> On Thu, Apr 9, 2009 at 6:30 AM, Andy Levy <an...@gmail.com> wrote:
>>
>> On Thu, Apr 9, 2009 at 00:06, Gerard Marcel <me...@gmail.com> wrote:
>> > I have setup permission in svn using mod_authz from https and that works
>> > fine. Now while on cli I need to have the same permission for users
>> > using
>> > the svn command. I tried the commit-access-control.pl, but it does not
>> > work
>> > at all. Can someone provide some pointers?
>>
>> No matter what client you use, if you've implemented security at the
>> server end, it'll be enforced.
>>
>> Do you have people accessing the repository via file:/// as well as https?
>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1615660
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Mirroring permission for mod-authz and svn on cli
Posted by Gerard Marcel <me...@gmail.com>.
Yes, and that is where I am trying to enforce the same file/directory
permissions as on https. I am not clear on what to use to get that effect.
I tried the included commit-access-control.pl, but it did not work.
GM
On Thu, Apr 9, 2009 at 6:30 AM, Andy Levy <an...@gmail.com> wrote:
> On Thu, Apr 9, 2009 at 00:06, Gerard Marcel <me...@gmail.com>
> wrote:
> > I have setup permission in svn using mod_authz from https and that works
> > fine. Now while on cli I need to have the same permission for users
> using
> > the svn command. I tried the commit-access-control.pl, but it does not
> work
> > at all. Can someone provide some pointers?
>
> No matter what client you use, if you've implemented security at the
> server end, it'll be enforced.
>
> Do you have people accessing the repository via file:/// as well as https?
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1614685
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Mirroring permission for mod-authz and svn on cli
Posted by Andy Levy <an...@gmail.com>.
On Thu, Apr 9, 2009 at 00:06, Gerard Marcel <me...@gmail.com> wrote:
> I have setup permission in svn using mod_authz from https and that works
> fine. Now while on cli I need to have the same permission for users using
> the svn command. I tried the commit-access-control.pl, but it does not work
> at all. Can someone provide some pointers?
No matter what client you use, if you've implemented security at the
server end, it'll be enforced.
Do you have people accessing the repository via file:/// as well as https?
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1612487
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].