Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

SVN server permissions
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
pmatos
Veteran
Veteran


Joined: 06 Jun 2003
Posts: 1246
Location: Eckental, Germany
PostPosted: Tue Jul 28, 2009 12:14 pm    Post subject: SVN server permissions Reply with quote
Hi all,

In one of the gentoo machines I run a svn server whose repositories are at /var/svn-repositories/.
I use unix logins to access the repository and the files inside the repository can only be changed by those in group svn.
However, some of the users are in other groups. How can I assure that when a user changes the repository, therefore changing the file <rep>/db/current, the group the file ends up with is svn and not other group the user might be in?

Cheers,

Paulo Matos
Back to top
View user's profile Send private message
aceFruchtsaft
Guru
Guru


Joined: 16 May 2004
Posts: 438
Location: Vienna, Austria
PostPosted: Wed Jul 29, 2009 8:58 am    Post subject: Reply with quote
You can always force the group of a newly created file/directory to be set to the parent directory's group by setting the SGID bit on the parent directory, e.g:
Code:

chmod g+s /foo


However, I don't understand. Why would you ever want your users to directly interact with the subversion repository? The usual setup is to run svn as an apache module and to access the repository exclusively via HTTP/WebDAV. In that scenario the repository is accessed using the effective user of the apache process. You can still control access via group memberships using the appropriate directives in the apache config files, but you do not need to do this at the filesystem level.
Back to top
View user's profile Send private message
pmatos
Veteran
Veteran


Joined: 06 Jun 2003
Posts: 1246
Location: Eckental, Germany
PostPosted: Wed Jul 29, 2009 10:27 am    Post subject: Reply with quote
aceFruchtsaft wrote:
You can always force the group of a newly created file/directory to be set to the parent directory's group by setting the SGID bit on the parent directory, e.g:
Code:

chmod g+s /foo


However, I don't understand. Why would you ever want your users to directly interact with the subversion repository? The usual setup is to run svn as an apache module and to access the repository exclusively via HTTP/WebDAV. In that scenario the repository is accessed using the effective user of the apache process. You can still control access via group memberships using the appropriate directives in the apache config files, but you do not need to do this at the filesystem level.


Thanks for the tip. And you're right. The setup is not perfect but I got this server from a previous admin and I never got around to change it. Thanks! :)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy