> -----Original Message----- > From: Andy Canfield [mailto:andy.canfi...@pimco.mobi] > Sent: woensdag 20 juli 2011 4:31 > To: Nico Kadel-Garcia > Cc: Bob Archer; users@subversion.apache.org > Subject: Re: Subversion: existing users > > > > On 07/20/2011 05:24 AM, Nico Kadel-Garcia wrote: > > On Tue, Jul 19, 2011 at 12:16 PM, Bob Archer<bob.arc...@amsi.com> > wrote: > >>> The most obvious authorization scheme is that of the host server; > >>> if > >>> there is a user named "andy" on that server with a password > >>> "jackel" > >>> then I would like to simply be able to talk to the subversion > >>> server as > >>> user named "andy" password "jackel". This is how ssh and sftp work. > >>> But > >>> apparently subversion can't handle that. True? > >> I would say FALSE. > >> > >> BOb > > It's feasible, but problematic. The solution involves giving "andy" a > > valid account on that machine, one with a local or network password, > User 'andy' already has a valid ssh/sftp login account on that machine. > Access to anything is controlled by the usual *nix mechanisms (in this > case OS X). > > because the "andy" account needs to be able to run the "svnserve" > > program. And doing this leads to risks of exposing the rest of the > > system to all your Subversion users. Also, group ownership to a shared > > repository needs to be carefully managed, and it puts the repository > > at risk of malcious users simply logging in and deleting bits from the > > Subversoin database. > My concept, which may be wrong, was that snvserve is run at boot time, > probably as user 'root' but possibly as a different user set up for this > task. I had assumed that the repositories in /var/svn/* are owned by the > svnserve user, and that the client (svn) can run on any computer in the > network. Then svn talks to svnserve via port 3690 and svnserve checks > the authentication (valid user name & password) and authorization > (permissions) and then svnserve does whatever is requested to the > particular repository (/var/svn/RepoName). > > Apparently I'm wrong, since you say that user 'andy' has to run svnserve > himself. If we do this for 'andy' and "bill' does this mean we're > running two copies of svnserve at the same time, one as user 'andy' and > the other as user 'bill'?
Svnserve can be used in two different modes. If you use svnserve via svn:// things work as you assumed. But if you use svn+ssh:// svnserver is started as the user who creates the ssh tunnel (as described in this mail). Bert