On Thu, Feb 9, 2012 at 1:59 AM, <d.guthm...@gmx.net> wrote: > Hello, > > we run a subversion-server with apache and access it through https. Now we > want to grant also external developers access to our repositories. > As subversion-client we use subclipse via JavaHL under Windows. The > https-Port on the server is not reachable from any external network. > > I've now found the subversion-feature "svn+ssh" and I would like to use it as > a tunnel from those external developers computer. > > So the URL would be "svn+ssh://user@hostname:220/srv/svn/project/" - normally > we use the URL "https://hostname/repos/projekt/"; > > Would it work properly (e.g. executing hooks) or is it a problem to access > one repository in two different ways? The URL > "svn+ssh://user@hostname:220/srv/svn/projekt/" suggests that we are bypassing > the svn-Module...
As somone who strongly encourages the use of svn+ssh for security reasons, I can tell you there are security model differences. The ownership of the repository for Apache access is usually "apache". The ownership for svn+ssh, or svn, is usually a designated user such as "svn", so you have to make sure the repository is accessible to read/write for both users, *or* switch entirely to svn+ssh for write access, or do somethng complicated. There are complicated ways to do this, but I don't recomend them. You'll also need to rethink your password handling or key access model. Since the svn+ssh access works best with SSH keys designed to force the "svnserve" command with a hardcoded user name, you'll need a method to handle the SSH keys, both to add them and to expire them as needed. The Subversion "red book" is actually quite good about explaining this: it doesn't go into as much detail about supporting multiple access methods as you might like. > We also use some access-control features like "AuthzSVNAccessFile" in the > Apache-configuration - am I right assuming that those access-control doesn't > take effect when accessing over svn+ssh://? I'm afraid not. You'll need to use some of the more Subversion internal systems, such as pre-commit. > Thanks in Advance. > > Rgds. > Dieter > -- > Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir > belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
