You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Steven Brown <sw...@ucsd.edu> on 2003/04/26 04:19:12 UTC
Permissions for repositories with Apache
Hello, I've been playing around with getting dav/dav_svn setup with Apache,
but I can't figure out a good way to secure the thing so I was hoping to get
a few pointers. It seems like, due to unbelievably bad support in Apache
for UNIX users/permissions, I've got these options (this is a multiuser
system with shell access):
- Have each user run a separate Apache on a different port with their own
User/Group directive so they can serve and configure their own repositories.
- Have a special subversion-user Apache running on a different port that
only accesses subversion repositories owned by itself and require an admin
to setup every repository for every user, and apply every configuration
change they need.
Neither of these solutions seem very good. I'm probably missing the right
way, though, as I'm a bit new to securing Apache. Does anyone have some
tips on how to set up permissions so that repositories are secure on
multiuser systems, but don't require an admin to change configuration on
behalf of the user (like changing what HTTP-auth users have write access,
creating new repositories, etc.)?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Permissions for repositories with Apache
Posted by Peter Burkholder <pe...@ucar.edu>.
My experience with Apache2 is fairly limited, but I understand that
a single apache with the perchild mpm can spawn virtual hosts
processes with different user id and group ids. e.g.
<VirtualHost>
ServerName jane.example.com
User jane
Group devgroup
...
</VirtualHost>
<VirtualHost>
ServerName paul.example.com
User paul
Group devgroup
...
</VirtualHost>
Each of these can have a DocumentRoot with the devlopers area.
see http://httpd.apache.org/docs-2.0/mod/perchild.html
P.
> Hello, I've been playing around with getting dav/dav_svn setup with Apache,
> but I can't figure out a good way to secure the thing so I was hoping to get
> a few pointers. It seems like, due to unbelievably bad support in Apache
> for UNIX users/permissions, I've got these options (this is a multiuser
> system with shell access):
>
> - Have each user run a separate Apache on a different port with their own
> User/Group directive so they can serve and configure their own repositories.
>
> - Have a special subversion-user Apache running on a different port that
> only accesses subversion repositories owned by itself and require an admin
> to setup every repository for every user, and apply every configuration
> change they need.
>
> Neither of these solutions seem very good. I'm probably missing the right
> way, though, as I'm a bit new to securing Apache. Does anyone have some
> tips on how to set up permissions so that repositories are secure on
> multiuser systems, but don't require an admin to change configuration on
> behalf of the user (like changing what HTTP-auth users have write access,
> creating new repositories, etc.)?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org