Posted to users@subversion.apache.org by qu...@in-euro.de on 2004/12/23 14:28:55 UTC

Which permission subversion uses after authz with NIS?

Hello,

I've a question belonging to subversion access to repository over mod_svn. If I
authenticate against NIS in apache, which permissions subversion uses to access
the repositories? Is it using the user's permission or is it using the
permission from apache?

Greets,

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: Which permission subversion uses after authz with NIS?

Posted by James FitzGibbon <jf...@primustel.ca>.
I believe it uses whatever Apache would stick into the REMOTE_USER environment
variable (or rather whatever part of the Apache request structure that variable
takes its value from).

I use LDAP to authenticate for SVN with Apache.  The Apache LDAP modules have
an option to use the user's full DN for REMOTE_USER or just the name that the
user provides (i.e. jfitz).  In the mod_authz_svn file, I use jfitz.  If I
switched the setting in the LDAP authentication module then I'd have to use the
full DN in the authz file.  I don't think that particular case works because of
the embedded commas in a DN though.

Or are you referring to access at the OS level?  In that case, it's always as
the user Apache runs as.  Because mod_dav_svn is an Apache module, there is no
opportunity for the Apache child to 'become' another user while it is servicing
a request from a SVN client.  Nor does there even have to be an operating
system user corresponding to the user operating the client.

In CVS, I used to access a repo over NFS.  This required me to create unix
users for each of my repository users and to ensure that they were in a common
group that had write permission to the repo files.

With SVN, I can put the server on a host that has no real unix users.  I have a
pseudo-account named svn which runs a dedicated Apache server (this avoids
problems with other CGIs potentially being able to change the SVN repo).  All
access to the repo is as the svn user, even though there may be hundreds of
remote users running clients.

Of course, this doesn't match entirely with NIS if you are using the same map
for Apache that you do for regular system authentication.  My example is more
akin to having a custom NIS map for SVN access that is different than the one
that is used when people ssh into the box.

Hope that helps.

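The two layers described in the reply above, shown as an Apache configuration
sketch. This is an added example, not configuration posted by anyone in the
thread. The account name svn and the user name jfitz come from the reply; the
paths, the realm name and the password-file provider are assumptions, and
mod_dav_svn and mod_authz_svn are assumed to be loaded already.

```apache
# Added example. All paths below are hypothetical.

# Layer 1, operating system: every repository read and write is performed
# by this one account, whichever remote user has logged in. The repository
# tree should be owned by it and writable by no other account.
User  svn
Group svn

<Location /svn>
    DAV svn
    # Hypothetical parent directory holding the repositories.
    SVNParentPath /srv/svn/repos

    # Authentication: whichever provider is configured here (NIS, LDAP,
    # a password file) only decides the value of REMOTE_USER. A password
    # file stands in for the real provider in this sketch.
    AuthType Basic
    AuthName "Subversion"
    AuthUserFile /etc/svn/htpasswd
    Require valid-user

    # Layer 2, Subversion authorization: mod_authz_svn compares
    # REMOTE_USER with the names in this file. No OS account named
    # jfitz has to exist on the server.
    AuthzSVNAccessFile /etc/svn/authz
</Location>

# Contents of /etc/svn/authz (a separate file in INI syntax):
#
#   [/]
#   jfitz = rw
```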