lamekain Guru
Joined: 25 Nov 2003 Posts: 331 Location: Helsinki, Finland
Posted: Sat Oct 15, 2005 10:14 am Post subject: Running svnserve on port 22 as non-root?
Hi!
I just installed subversion and got it working. I got it working with ssh+svn and with only svn. I'd prefer only svn, because it makes configuring the --root -cmd-variable easier (don't want to start messing with ssh public-keys, etc..). I have to use 22 because of the firewall restrictions.
The problem is that I have to start svnserve as root to get it to bind to the port 22. Is it possible to get svnserve to bind to the port 22 as root and then switch the user to someone more restricted?
_________________
"Only when the last tree has died, the last river been poisoned,
and the last fish been caught, will we realize we cannot eat money"
-Global Terrorism.org

elestedt Guru
Joined: 13 Mar 2005 Posts: 383
Posted: Sat Oct 15, 2005 11:05 am Post subject: Re: Running svnserve on port 22 as non-root?
lamekain wrote: | Hi!
I just installed subversion and got it working. I got it working with ssh+svn and with only svn. I'd prefer only svn, because it makes configuring the --root -cmd-variable easier (don't want to start messing with ssh public-keys, etc..). I have to use 22 because of the firewall restrictions.
The problem is that I have to start svnserve as root to get it to bind to the port 22. Is it possible to get svnserve to bind to the port 22 as root and then switch the user to someone more restricted? |
- If you have SSHd running you can't get anything else to bind to that port.
- If you have root access, then why not open a port in the FW?

lamekain Guru
Joined: 25 Nov 2003 Posts: 331 Location: Helsinki, Finland
Posted: Sat Oct 15, 2005 11:29 am Post subject: Re: Running svnserve on port 22 as non-root?
Quote: | - If you have SSHd running you can't get anything else to bind to that port.
|
Yep. Well aware of that. However SSHd wouldn't be running when I need svnserve to run.
Quote: | - If you have root access, then why not open a port in the FW?
|
Well I don't have root access to the internet gateway and they've opened port 22 for me but not the others.

elestedt Guru
Joined: 13 Mar 2005 Posts: 383
Posted: Sat Oct 15, 2005 11:36 am Post subject: Re: Running svnserve on port 22 as non-root?
lamekain wrote: | Quote: | - If you have SSHd running you can't get anything else to bind to that port.
|
Yep. Well aware of that. However SSHd wouldn't be running when I need svnserve to run. |
Well then, take a look at
lamekain wrote: | Quote: | - If you have root access, then why not open a port in the FW?
|
Well I don't have root access to the internet gateway and they've opened port 22 for me but not the others. |
Why not try to get them to open 3690 as well?

lamekain Guru
Joined: 25 Nov 2003 Posts: 331 Location: Helsinki, Finland
Posted: Sat Oct 15, 2005 11:46 am Post subject: Re: Running svnserve on port 22 as non-root?
elestedt wrote: | Well then, take a look at
|
Why? Seen it already. How does it help?
elestedt wrote: | lamekain wrote: | Quote: | - If you have root access, then why not open a port in the FW?
|
Well I don't have root access to the internet gateway and they've opened port 22 for me but not the others. |
Why not try to get them to open 3690 as well? |
Ok. I give up. I'll bug them. My point was to ask if there was an easy solution for making svnserve running on 22 more secure, but I guess there isn't or at least neither of us know it. The ideal solution would be the good old "start server and bind it to port 22 as root and then su to someone else" pattern which some people use with tomcat, etc..

elestedt Guru
Joined: 13 Mar 2005 Posts: 383
Posted: Sat Oct 15, 2005 11:50 am Post subject: Re: Running svnserve on port 22 as non-root?
lamekain wrote: | elestedt wrote: | Well then, take a look at
|
Why? Seen it already. How does it help?
|
Code: | DESCRIPTION
svnserve allows access to Subversion repositories using the svn network protocol. It can both run as a standalone server process, or it can run out of inetd. You must choose a mode of operation when you start svnserve. The following options are recognized:
-d, --daemon
Causes svnserve to run in daemon mode. svnserve backgrounds itself and accepts and serves TCP/IP connections on the svn port (3690, by default).
--listen-port=port
Causes svnserve to listen on port when run in daemon mode.
|
All you need to do as root is Code: | su - <user> -c svnserve -d --listen-port=22 | and some more options.

lamekain Guru
Joined: 25 Nov 2003 Posts: 331 Location: Helsinki, Finland
Posted: Sat Oct 15, 2005 12:02 pm Post subject:
Thanks. I guess it's working now. You have to put the command in "" though so the complete thing would be:
Code: | su - USERNAME -c "svnserve -d --listen-port=22" |