[scponly] subversion support

Dimitri Papadopoulos-Orfanos papadopo at shfj.cea.fr
Wed Apr 6 09:50:01 EDT 2005 

Hi,

I have some problems using subversion with scponly. Some of them are 
known problems, for others I couldn't find a solution in the mailing 
list archive.


1) Some configure options fail at compile time.

I configure scponly this way:
	./configure \
		--prefix=/usr/local/scponly-4.0 \
		--enable-svn-compat \
		--disable-scp-compat \
		--disable-gftp-compat \
		--disable-winscp-compat \
		--disable-sftp \
		--disable-wildcards
This doesn't work with scponly-4.0 because of missing #ifdef's. It does 
work with scponly.c from CVS.



2) scponly expects 'svn' instead of 'svnserve'

This had been already discussed here:
https://lists.ccs.neu.edu/pipermail/scponly/2005-March/000774.html

I've used the following patch to work around this problem:

--- configure.in-	2004-11-28 21:26:44.000000000 +0100
+++ configure.in	2005-04-06 14:03:20.208600910 +0200
@@ -237,7 +237,7 @@

  if test "x$enable_svn_compat" != "x" && test "x$enable_svn_compat" != 
"xno"; then
  	AC_MSG_NOTICE([enabling subversion compatability...])
-	SCPONLY_PATH_PROG_DEFINE([PROG_SVN],   [svn], 
[/bin:/usr/bin:/usr/local/bin])
+	SCPONLY_PATH_PROG_DEFINE([PROG_SVN],   [svnserve], 
[/bin:/usr/bin:/usr/local/bin])
  fi

  if test "x$enable_passwd_compat" != "x" && test 
"x$enable_passwd_compat" != "xno"; then



3) It still doesn't work - maybe because of the '-t' option flag?

Here is the log with scponly. scponly is referenced in /etc/shells.
The same command works with the bash shell.

$ svn log svn+ssh://dimitri@svnhost/home/svn/repos/
[4402]: 3 arguments in total.
[4402]:         arg 0 is scponly
[4402]:         arg 1 is -c
[4402]:         arg 2 is svnserve -t
[4402]: opened log at LOG_AUTHPRIV, opts 0x00000029
[4402]: retrieved home directory of "/home/dimitri" for user "dimitri"
[4402]: setting uid to 1001
[4402]: processing request: "svnserve -t"
[4402]: denied request: svnserve -t [username: dimitri(1001), IP/port: 
::ffff:132.111.11.11 65407 22]
svn: Connection closed unexpectedly
$

Any clues? Should I try to restrict users to use Subversion in another 
way, possibly without scponly?



4) Our Subversion setup requires a different umask (0007).

Under bash I can set umask in ~/.bashrc. Can I set umask under scponly?


Regards,
Dimitri Papadopoulos

More information about the scponly mailing list