You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Kristian Kauper <kk...@au.yahoo-inc.com> on 2006/11/13 06:15:41 UTC
passwd file permissions with svn+ssh
Hi All,
I've seen this issue discussed on-line (in fact, on this mailing list, but
it wasn't resolved), but I can't find any bug in the issue tracker. Here's
the scenario:
I allow access to my repository via the svn:// scheme. So I have user
credentials stored in my repository's "passwd" file (to be clear, this is
subversion's passwd file, not the system passwd file). For security, I want
the permissions on this file to be set to 0600.
The problem is that I also want to support the svn+ssh:// scheme. But, when
I try to use ssh to access the repository, SVN complains that it can't read
the passwd file -- no kidding, I certainly don't want everyone who can log
in via SSH (or, to be precise, those in the "svn" group) to also be able to
read all of the subversion credentials.
Is there any way around this? I certainly think this is a bug, as SVN should
not have to read the passwd file if the user is already authenticated via
SSH.
Thanks.
Kristian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: passwd file permissions with svn+ssh
Posted by Marcus Rueckert <da...@web.de>.
On 2006-11-13 17:15:41 +1100, Kristian Kauper wrote:
> The problem is that I also want to support the svn+ssh:// scheme. But, when
> I try to use ssh to access the repository, SVN complains that it can't read
> the passwd file -- no kidding, I certainly don't want everyone who can log
> in via SSH (or, to be precise, those in the "svn" group) to also be able to
> read all of the subversion credentials.
>
what subversion release is that?
i am sure we had a patch for this at some point.
darix
--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org