You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Bradley Wagner <br...@hannonhill.com> on 2006/06/30 13:17:15 UTC
revoking ssh access after switching to http
Kind of a strange question but here goes. The svn binaries live in /
usr/local/bin on my machine. I have just set up Apache2 with SVN
modules and would like to force users to use this. Is there anyway to
disallow ssh access to the repository? Given that the binaries are
available when a user logs in via SSH I'm not sure there is a way to
do this, without moving the ssh binaries. Even then, if a user knew
the location of the binaries, they could make them available on their
path in their .bashrc file and continue committing with ssh. I can't
revoked SSH access to the machine because developers need it for
other things.
My main problem with ssh access is that I can't enforce my access
restrictions to various parts of the repository as with the Apache2
modules.
I figure someone must have had this problem before.
Thoughts?
Bradley
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: revoking ssh access after switching to http
Posted by Bradley Wagner <br...@hannonhill.com>.
> What version of Subversion are you using? As of SVN 1.3, you can do
> per-directory access controls with svnserve pretty much the same as
> you can with Apache2, I'm pretty sure.
Andy, thanks for that. That is not reflected in the nightly build of
the SVN book ( http://svnbook.red-bean.com/nightly/en/svn-
book.html#svn.serverconfig.svnserve.auth.general ), but you are
absolutely right. I was able to restrict access using my same access-
file for apache.
Bradley
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: revoking ssh access after switching to http
Posted by Andy Levy <an...@gmail.com>.
On 6/30/06, Bradley Wagner <br...@hannonhill.com> wrote:
> Kind of a strange question but here goes. The svn binaries live in /
> usr/local/bin on my machine. I have just set up Apache2 with SVN
> modules and would like to force users to use this. Is there anyway to
> disallow ssh access to the repository? Given that the binaries are
> available when a user logs in via SSH I'm not sure there is a way to
> do this, without moving the ssh binaries. Even then, if a user knew
> the location of the binaries, they could make them available on their
> path in their .bashrc file and continue committing with ssh. I can't
> revoked SSH access to the machine because developers need it for
> other things.
I assume you mean moving the SVN binaries?
> My main problem with ssh access is that I can't enforce my access
> restrictions to various parts of the repository as with the Apache2
> modules.
What version of Subversion are you using? As of SVN 1.3, you can do
per-directory access controls with svnserve pretty much the same as
you can with Apache2, I'm pretty sure.
Failing that, you can use a pre-commit hook to enforce permissions.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org