OT: Re: [scponly] subversion support
Dimitri Papadopoulos-Orfanos
papadopo at shfj.cea.fr
Fri Apr 8 12:37:50 EDT 2005
Hi,

> I disagree -- this doesn't work as you indicated. I have a single repository
> which I'll call svnrepos. Our users then have "sites" that exist in that
> repository. I have to give people access to only their site, without giving
> them access to somebody else's site. Because of the BDB and FSFS structure,
> I can't give them just filesystem access to a single path within that tree no
> matter how many ACE's and groups I create. [...]

Why wouldn't that work? I'm a bit worried because that's what I'm
setting up right now.

My understanding is that 'svn:' and 'svn+ssh:' are different with
respect to access rights. Using 'svn+ssh:' svnserve is run as the user
who actually logged in through SSH. Using plain 'svn:' svnserve is
always run as the same single user (which leaves you with Subversion
blanket access control and doesn't help much indeed).

So in the svn+ssh: case it should be possible to enforce access to the
files based on user, groups, and file permissions:
http://svnbook.red-bean.com/en/1.1/ch06s03.html#svn-ch-6-sect-3.4

Could you please elaborate on this:

> Because of the BDB and FSFS structure, I can't give them just
> filesystem access to a single path within that tree no matter
> how many ACE's and groups I create.

Also, just wondering, if you prefer 'https:' to manage access rights,
why not use 'https:' in the first place instead of this combination of
ssh and subversion?

Dimitri Papadopoulos