You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Nico Kadel-Garcia <nk...@gmail.com> on 2012/02/09 08:09:27 UTC

Re:

On Thu, Feb 9, 2012 at 1:59 AM,  <d....@gmx.net> wrote:
> Hello,
>
> we run a subversion-server with apache and access it through https. Now we want to grant also external developers access to our repositories.
> As subversion-client we use subclipse via JavaHL under Windows. The https-Port on the server is not reachable from any external network.
>
> I've now found the subversion-feature "svn+ssh" and I would like to use it as a tunnel from those external developers computer.
>
> So the URL would be "svn+ssh://user@hostname:220/srv/svn/project/" - normally we use the URL "https://hostname/repos/projekt/"
>
> Would it work properly (e.g. executing hooks) or is it a problem to access one repository in two different ways? The URL "svn+ssh://user@hostname:220/srv/svn/projekt/" suggests that we are bypassing the svn-Module...

As somone who strongly encourages the use of svn+ssh for security
reasons, I can tell you there are security model differences. The
ownership of the repository for Apache access is usually "apache". The
ownership for svn+ssh, or svn, is usually a designated user such as
"svn", so you have to make sure the repository is accessible to
read/write for both users, *or* switch entirely to svn+ssh for write
access, or do somethng complicated. There are complicated ways to do
this, but I don't recomend them.

You'll also need to rethink your password handling or key access
model. Since the svn+ssh access works best with SSH keys designed to
force the  "svnserve" command with a hardcoded user name, you'll need
a method to handle the SSH keys, both to add them and to expire them
as needed.

The Subversion "red book" is actually quite good about explaining
this: it doesn't go into as much detail about supporting multiple
access methods as you might like.

> We also use some access-control features like "AuthzSVNAccessFile" in the Apache-configuration - am I right assuming that those access-control doesn't take effect when accessing over svn+ssh://?

I'm afraid not. You'll need to use some of the more Subversion
internal systems, such as pre-commit.

> Thanks in Advance.
>
> Rgds.
> Dieter
> --
> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de