On 24.07.2010 04:46, Nico Kadel-Garcia wrote:
On Fri, Jul 23, 2010 at 6:25 AM, Ulf Seltmann <seltm...@digitalzone.de> wrote:
Hello all,
I have a multihost environment and I want to provide svn access for
arbitrary customers via dav_svn. Is there a solution to have the
svn-directories of the users only available to the unix-users of the
customer instead of making them writable to the apache user (which mod_dav_svn
is using due to the fact that it's an apache-module)?
Yes. Switch *EVERYONE* to ssh+svn for protected access,
No. That's not acceptable, because every user that needs access to the
svn needs a pam-, respectively unix-account. The administrative expense
would be too high. I want my customers to add/remove the svn-users via
.htpasswd/webfrontend
because https and http and svn access all still have the issue of the UNIX or
Linux clients saving passwords in cleartext, with no way for the server to
prevent it. Or insist that UNIX users also use https: there is no
reasonable excuse for providing direct write access to the repository
as other users.
only https is allowed for svn
maybe it is possible to use cgi-access to svnserve to use suexec?
It gets tricky. ssh+svn allows you to channel all access to go through
a particular 'uid' that has the correct permissions set to be able to
write to the repository. It's possible to set the repository
permissions with group permissions, and directory permissions of 4775,
4770! no reason to give all read access
to have a shared group of which the "apache" user is a member. But I
prefer, very strongly, to force the Subversion repository to be owned
by a single user for management and permissions control.
Yes, me too. But as I mentioned above: it's a no-go. I will not add a
unix-account for every silly user my customers want to have access to
their svn. Although I don't want to give write permissions to the
apache-group 'cause it's a potential security risk I can't estimate. I have
to add the unix-user to that group too and so the user theoretically has
access to all svn directories set up like this.
ciao
ulf
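
An added example, not part of the original thread: a small audit of per-customer repository directories for the three permission concerns raised above (775 versus 770, the leading 4 in 4775/4770, and one group with write access to every customer's repository). The directory layout, customer names, uids and gid 48 in the sample are constructed assumptions.

```python
import os
import stat
import sys
from collections import defaultdict

# Constructed sample: name -> (mode, owner uid, group gid); gid 48 stands in
# for a shared "apache" group, the other ids are made up.
SAMPLE = {
    "customer_a": (0o4775, 1001, 48),
    "customer_b": (0o4770, 1002, 48),
    "customer_c": (0o2770, 1003, 1003),
}

def scan(root):
    """Collect (mode, uid, gid) for every directory directly under root."""
    repos = {}
    for name in sorted(os.listdir(root)):
        st = os.lstat(os.path.join(root, name))
        if stat.S_ISDIR(st.st_mode):
            repos[name] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return repos

def audit(repos):
    """Return a sorted list of (repo, finding) pairs."""
    findings = []
    group_writable = defaultdict(list)
    for name, (mode, _uid, gid) in repos.items():
        if mode & stat.S_IRWXO:
            # 775 instead of 770: every local account can read the repository
            findings.append((name, "other-access"))
        if mode & stat.S_ISUID:
            # Linux ignores setuid on directories; group inheritance for new
            # files comes from setgid (2xxx), not from the leading 4
            findings.append((name, "setuid-on-dir"))
        if mode & stat.S_IWGRP:
            group_writable[gid].append(name)
    for names in group_writable.values():
        if len(names) > 1:
            # any member of this group can write to all of these repositories
            findings.extend((name, "shared-group-write") for name in names)
    return sorted(findings)

if __name__ == "__main__":
    repos = scan(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name, finding in audit(repos):
        print(f"{name}: {finding}")
```
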