Posted to users@subversion.apache.org by Unreal HSHH <hu...@gmail.com> on 2004/12/26 06:01:42 UTC

Any other authorization method except svnserve or apache?

Hi,

I am running a svn server. But I haven't apache. Is there any other
authorization method for SVN?
svnserve only supplies very simple function.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Any other authorization method except svnserve or apache?

Posted by Ed MacDonald <ed...@hotmail.com>.
The svn+ssh protocol does *not* use svnserve in daemon mode.  It just opens
a remote shell and executes a command (its own svnserve process that dies at
the end of the command).  As a result the user must have write access to the
repo (at least if BDB is used - I don't know about the new FSFS).

"SVN over SSH" is different.  You separately establish an SSH tunnel to the
host (or network) and tunnel the svn:// protocol through it.  From then it
is just like you are using the svn:// protocol.  The advantage is that the
user doesn't need *any* permissions on the server (other than the ability to
connect).  In this instance the svnserve is running in daemon mode and will
restrict access to the repo based on the settings in the svnserve.conf and
password-db if any.

Ed

----- Original Message ----- 
From: "Kevin Williams" <ke...@bantamtech.com>
Cc: <us...@subversion.tigris.org>
Sent: Monday, December 27, 2004 11:32 AM
Subject: Re: Any other authorization method except svnserve or apache?


> Yes, you're right. Sorry. I haven't used svn+ssh:// in a while. :-/
>
>
> Jack O'Quin wrote:
> >>Ulrich Eckhardt wrote:
> >>
> >>>A third (and last) option is using SVN over SSH, using the system's
> >>>users to authenticate. However, this method is even more simple than
> >>>svnserve, as it doesn't even allow read-only access.
> >
> >
> > Kevin Williams <ke...@bantamtech.com> writes:
> >
> >
> >>I don't believe that's true. The repository is under the same
> >>permissions rules as any other file on the system. If the repository
> >>permissions are -rwxr-x--- and the user is in the "svn" group, the
> >>user would have read-only permission. If the user is not in the group
> >>they would have no permissions.
> >
> >
> > I understood the docs to say that even read-only access to the
> > repository requires that the server have R/W access to all its files.
> >
> >  http://svnbook.red-bean.com/en/1.0/ch06s05.html
> >
> > But, even if the svnserve daemon has R/W access all the time, can't it
> > still grant individual users R/O access via its built-in authorization
> > mechanism?
>


Re: Any other authorization method except svnserve or apache?

Posted by Kevin Williams <ke...@bantamtech.com>.
Yes, you're right. Sorry. I haven't used svn+ssh:// in a while. :-/


Jack O'Quin wrote:
>>Ulrich Eckhardt wrote:
>>
>>>A third (and last) option is using SVN over SSH, using the system's
>>>users to authenticate. However, this method is even more simple than
>>>svnserve, as it doesn't even allow read-only access.
> 
> 
> Kevin Williams <ke...@bantamtech.com> writes:
> 
> 
>>I don't believe that's true. The repository is under the same
>>permissions rules as any other file on the system. If the repository
>>permissions are -rwxr-x--- and the user is in the "svn" group, the
>>user would have read-only permission. If the user is not in the group
>>they would have no permissions.
> 
> 
> I understood the docs to say that even read-only access to the
> repository requires that the server have R/W access to all its files.
> 
>  http://svnbook.red-bean.com/en/1.0/ch06s05.html
> 
> But, even if the svnserve daemon has R/W access all the time, can't it
> still grant individual users R/O access via its built-in authorization
> mechanism?


Re: Any other authorization method except svnserve or apache?

Posted by Jack O'Quin <jo...@io.com>.
> Ulrich Eckhardt wrote:
>> A third (and last) option is using SVN over SSH, using the system's
>> users to authenticate. However, this method is even more simple than
>> svnserve, as it doesn't even allow read-only access.

Kevin Williams <ke...@bantamtech.com> writes:

> I don't believe that's true. The repository is under the same
> permissions rules as any other file on the system. If the repository
> permissions are -rwxr-x--- and the user is in the "svn" group, the
> user would have read-only permission. If the user is not in the group
> they would have no permissions.

I understood the docs to say that even read-only access to the
repository requires that the server have R/W access to all its files.

 http://svnbook.red-bean.com/en/1.0/ch06s05.html

But, even if the svnserve daemon has R/W access all the time, can't it
still grant individual users R/O access via its built-in authorization
mechanism?
-- 
  joq


Re: Any other authorization method except svnserve or apache?

Posted by Robert Sfeir <yo...@gmail.com>.
First of all, if you want to have anonymous access there is no
password being passed, so there is no security issue there as you
first mentioned.  So the way to do it is to simply enable svn:// read
only access to your repository, and svn+ssh:// for those who have unix
accounts.  You can then control unix account directory control like
anything else you do on a unix box.

R
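
The svnserve.conf settings that this reply and Ed's reply rely on, as an added example that is not part of the original thread: a short Python check that reads a daemon-mode svnserve.conf and reports what anonymous and authenticated svn:// clients may do. The sample files are constructed, and the function name `effective_access` and the warning texts are this example's own; `anon-access`, `auth-access` and `password-db` are svnserve's keys, with defaults of read and write for the first two.

```python
import configparser

# Values svnserve uses when a key is absent from [general].
DEFAULTS = {"anon-access": "read", "auth-access": "write"}
LEVELS = ("none", "read", "write")


def effective_access(conf_text):
    """Return (access, warnings) for the text of a svnserve.conf file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    general = cp["general"] if cp.has_section("general") else {}
    access, warnings = {}, []
    for key, default in DEFAULTS.items():
        value = general.get(key, default).strip().lower()
        if value not in LEVELS:
            # Assumption of this example: report it and assume no access.
            warnings.append(f"{key}: unrecognised value {value!r}")
            value = "none"
        access[key] = value
    if access["anon-access"] == "write":
        warnings.append("anonymous users can commit")
    if access["auth-access"] != "none" and not general.get("password-db"):
        warnings.append("auth-access is set but no password-db is configured")
    return access, warnings


# Constructed sample files (not taken from the thread).
# Public svn:// daemon that only serves reads; writers use svn+ssh://.
ANON_READ_ONLY = """[general]
anon-access = read
auth-access = none
"""
# Daemon reached through an SSH tunnel, with its own user database.
TUNNELLED = """[general]
anon-access = none
auth-access = write
password-db = passwd
"""
# Weak setting: anyone who can connect can commit.
WEAK = """[general]
anon-access = write
password-db = passwd
"""

if __name__ == "__main__":
    for name, text in [("read-only", ANON_READ_ONLY),
                       ("tunnelled", TUNNELLED), ("weak", WEAK)]:
        print(name, effective_access(text))
```
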


Re: Any other authorization method except svnserve or apache?

Posted by David Ripton <dr...@ripton.net>.
On 2004.12.27 07:25:17 +0000, Kevin Williams wrote:
> I don't believe that's true. The repository is under the same 
> permissions rules as any other file on the system. If the repository 
> permissions are -rwxr-x--- and the user is in the "svn" group, the user 
> would have read-only permission. If the user is not in the group they 
> would have no permissions.

Don't forget that when using the bdb backend, a user needs write 
permission just to read the contents of the repository.

-- 
David Ripton    dripton@ripton.net


Re: Any other authorization method except svnserve or apache?

Posted by Kevin Williams <ke...@bantamtech.com>.
I don't believe that's true. The repository is under the same 
permissions rules as any other file on the system. If the repository 
permissions are -rwxr-x--- and the user is in the "svn" group, the user 
would have read-only permission. If the user is not in the group they 
would have no permissions.

Ulrich Eckhardt wrote:
> Unreal HSHH wrote:
> 
>>I am running a svn server. But I haven't apache. Is there any other
>>authorization method for SVN?
>>svnserve only supplies very simple function.
> 
> 
> A third (and last) option is using SVN over SSH, using the system's users to 
> authenticate. However, this method is even more simple than svnserve, as it 
> doesn't even allow read-only access.
> 
> Uli
> 


Re: Any other authorization method except svnserve or apache?

Posted by Ulrich Eckhardt <ec...@satorlaser.com>.
Unreal HSHH wrote:
> I am running a svn server. But I haven't apache. Is there any other
> authorization method for SVN?
> svnserve only supplies very simple function.

A third (and last) option is using SVN over SSH, using the system's users to 
authenticate. However, this method is even more simple than svnserve, as it 
doesn't even allow read-only access.

Uli
