You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Lutz Frommberger <lu...@informatik.uni-bremen.de> on 2005/06/14 10:32:43 UTC
Disabling svn+ssh access?
Hi,
usually users access the repository via WebDAV, and that works really
fine. Some users, however, manage to checkout via svn+ssh (the users
have an account there and the right permissions to do so and I can't
easily change that), but this causes problems, as some hook scripts
don't run due to permission problems. Also users confuse passwords etc.
So I want to disable the svn+ssh access without disabling the ssh
access. How can this be done?
gruß,
--
Lutz Frommberger
SFB/TR 8 Spatial Cognition - Project R3-[Q-Shape]
Cognitive Systems Research Group, Universität Bremen
http://www.cosy.informatik.uni-bremen.de/staff/lutz/
RE: Disabling svn+ssh access?
Posted by James FitzGibbon <jf...@primustel.ca>.
Ah. Given that requirement, I'd think that having them log in and use sudo
or another such utility would be the only route to go.
Regards
-----Original Message-----
From: Lutz Frommberger [mailto:lutz@informatik.uni-bremen.de]
Sent: Tuesday, June 14, 2005 7:01 AM
To: James FitzGibbon
Cc: users@subversion.tigris.org
Subject: Re: Disabling svn+ssh access?
Am Dienstag, den 14.06.2005, 06:56 -0400 schrieb James FitzGibbon:
> Presumably they have permissions as regular users to get to the repo
> on disk, not by becoming root or anything like that, so moving the
> repo one directory level down and changing ownership of the new parent
> to a group that the web server user is in but they are not should do
> the trick, wouldn't it?
No, not really. I want them (or at least some of them) to use the
svnadmin stuff, so they need full access.
regards,
--
Lutz Frommberger
SFB/TR 8 Spatial Cognition - Project R3-[Q-Shape]
Cognitive Systems Research Group, Universität Bremen
http://www.cosy.informatik.uni-bremen.de/staff/lutz/
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.9 - Release Date: 6/11/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.9 - Release Date: 6/11/2005
--
----------------------------------------------------------------------------
This electronic message contains information from Primus Telecommunications
Canada Inc. ("PRIMUS") , which may be legally privileged and confidential.
The information is intended to be for the use of the individual(s) or entity
named above. If you are not the intended recipient, be aware that any
disclosure, copying, distribution or use of the contents of this information
is prohibited. If you have received this electronic message in error, please
notify us by telephone or e-mail (to the number or address above)
immediately. Any views, opinions or advice expressed in this electronic
message are not necessarily the views, opinions or advice of PRIMUS.
It is the responsibility of the recipient to ensure that
any attachments are virus free and PRIMUS bears no responsibility
for any loss or damage arising in any way from the use
thereof.The term "PRIMUS" includes its affiliates.
----------------------------------------------------------------------------
Pour la version en français de ce message, veuillez voir
http://www.primustel.ca/fr/legal/cs.htm
----------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Disabling svn+ssh access?
Posted by Lutz Frommberger <lu...@informatik.uni-bremen.de>.
Am Dienstag, den 14.06.2005, 06:56 -0400 schrieb James FitzGibbon:
> Presumably they have permissions as regular users to get to the repo
> on disk, not by becoming root or anything like that, so moving the
> repo one directory level down and changing ownership of the new parent
> to a group that the web server user is in but they are not should do
> the trick, wouldn't it?
No, not really. I want them (or at least some of them) to use the
svnadmin stuff, so they need full access.
regards,
--
Lutz Frommberger
SFB/TR 8 Spatial Cognition - Project R3-[Q-Shape]
Cognitive Systems Research Group, Universität Bremen
http://www.cosy.informatik.uni-bremen.de/staff/lutz/
Re: Disabling svn+ssh access?
Posted by James FitzGibbon <jf...@primustel.ca>.
On Jun-14-05, at 6:32 AM, Lutz Frommberger wrote:
> usually users access the repository via WebDAV, and that works really
> fine. Some users, however, manage to checkout via svn+ssh (the users
> have an account there and the right permissions to do so and I can't
> easily change that), but this causes problems, as some hook scripts
> don't run due to permission problems. Also users confuse passwords
> etc.
>
> So I want to disable the svn+ssh access without disabling the ssh
> access. How can this be done?
Given that the URIs the users use don't have to have a direct
relationship to the location of the repo on disk, can't you just move
the repo somewhere on the server that only the WebDAV server can get
to? You'd need a few seconds of downtime (depending on whether the
new location was on the same filesytem or not), but the URIs the
users use wouldn't have to change, as you'd just change your SVNPath
or SVNParentPath directive to mask the move.
Presumably they have permissions as regular users to get to the repo
on disk, not by becoming root or anything like that, so moving the
repo one directory level down and changing ownership of the new
parent to a group that the web server user is in but they are not
should do the trick, wouldn't it?
--
j.
James FitzGibbon
Systems Developer, Primus Telecommunications Canada
416.644.6111
--
----------------------------------------------------------------------------
This electronic message contains information from Primus Telecommunications
Canada Inc. ("PRIMUS") , which may be legally privileged and confidential.
The information is intended to be for the use of the individual(s) or entity
named above. If you are not the intended recipient, be aware that any
disclosure, copying, distribution or use of the contents of this information
is prohibited. If you have received this electronic message in error, please
notify us by telephone or e-mail (to the number or address above)
immediately. Any views, opinions or advice expressed in this electronic
message are not necessarily the views, opinions or advice of PRIMUS.
It is the responsibility of the recipient to ensure that
any attachments are virus free and PRIMUS bears no responsibility
for any loss or damage arising in any way from the use
thereof.The term "PRIMUS" includes its affiliates.
----------------------------------------------------------------------------
Pour la version en fran�ais de ce message, veuillez voir
http://www.primustel.ca/fr/legal/cs.htm
----------------------------------------------------------------------------
Re: Disabling svn+ssh access?
Posted by Erik Huelsmann <eh...@gmail.com>.
On 6/14/05, Lutz Frommberger <lu...@informatik.uni-bremen.de> wrote:
> Am Dienstag, den 14.06.2005, 14:21 +0200 schrieb Miha Vitorovic:
> > AFAIK svn+ssh is just that , svn tunnelled over ssh. Isn't it as simple as
> > turning off 'svnserve' ?
>
> I don't know if Apache or any other subversion process uses svnserve.
No, neither svnadmin nor apache uses svnserve, so you can restrict
execution rights, or entirely remove it.
bye,
Erik.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Disabling svn+ssh access?
Posted by Miha Vitorovic <mv...@nil.si>.
Lutz Frommberger <lu...@informatik.uni-bremen.de> wrote on 14.06.2005
14:33:37:
> Am Dienstag, den 14.06.2005, 14:21 +0200 schrieb Miha Vitorovic:
> > AFAIK svn+ssh is just that , svn tunnelled over ssh. Isn't it as
simple as
> > turning off 'svnserve' ?
>
> I don't know if Apache or any other subversion process uses svnserve.
Apache doesn't, but svn+ssh does. So to disable svn+ssh but not ssh in
itself, all you need to do is turn off the svnserve... This is how I
understood your question.
Cheers,
---
Miha Vitorovic
Inženir v tehničnem področju
Customer Support Engineer
NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana, Slovenia
Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
Re: Disabling svn+ssh access?
Posted by Lutz Frommberger <lu...@informatik.uni-bremen.de>.
Am Dienstag, den 14.06.2005, 14:21 +0200 schrieb Miha Vitorovic:
> AFAIK svn+ssh is just that , svn tunnelled over ssh. Isn't it as simple as
> turning off 'svnserve' ?
I don't know if Apache or any other subversion process uses svnserve.
gruß,
--
Lutz Frommberger
SFB/TR 8 Spatial Cognition - Project R3-[Q-Shape]
Cognitive Systems Research Group, Universität Bremen
http://www.cosy.informatik.uni-bremen.de/staff/lutz/
Re: Disabling svn+ssh access?
Posted by Miha Vitorovic <mv...@nil.si>.
Lutz Frommberger <lu...@informatik.uni-bremen.de> wrote on 14.06.2005
12:32:43:
> Hi,
>
> usually users access the repository via WebDAV, and that works really
> fine. Some users, however, manage to checkout via svn+ssh (the users
> have an account there and the right permissions to do so and I can't
> easily change that), but this causes problems, as some hook scripts
> don't run due to permission problems. Also users confuse passwords etc.
>
> So I want to disable the svn+ssh access without disabling the ssh
> access. How can this be done?
AFAIK svn+ssh is just that , svn tunnelled over ssh. Isn't it as simple as
turning off 'svnserve' ?
Cheers,
---
Miha Vitorovic
Inženir v tehničnem področju
Customer Support Engineer
NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana, Slovenia
Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org