Subversion & SVN+SSH Permissions


Even though userone is not a member of the myproject group, userone can checkout the whole repository.

The repositories are probably world-readable. You can change that by running

sudo chmod -R o-rws /svn/myproject

(Is this because userone is member of the sudo group?)

No, membership of the sudo group just means that you can gain root privileges through sudo. SVN wouldn't take advantage of that. (But, more generally, if a user has root privileges on a machine, they can read anything on it, you can't stop them.)

usertwo is a member of the myproject group, but cannot commit to the repository

What probably happened is that userone committed some new files to the repository and they end up owned by him and not writeable by the project group.

The usual solution to this is to make all the directories inside the project have the setgid bit set. That will force all files created inside them to be owned by the project group.

sudo chmod -R g+s /svn/myproject

Then you also need to make sure that everyone's umask is set to 002, so that files will be group-writeable by default.

This all gets quite complicated, and fragile, so it may be easier to serve the SVN repository via https only.
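The steps in this answer carried through end to end, as an added example that is not part of the original answer: a POSIX shell script that hands a repository tree to one group, strips the "other" bits, sets setgid on directories only (rather than chmod -R g+s, which would also mark plain files setgid), and then checks the tree and the effect of umask 002 on new files. The function names and the sample tree are constructed for this demonstration; it needs neither svnadmin nor root, because it picks a group the current user already belongs to.

```shell
#!/bin/sh
# Added example, not from the original answer. Locks a repository tree down
# to one group, the way the answer describes, and checks the result. The
# function names and the sample tree are constructed for this demonstration.

# lock_repo_to_group REPO GROUP
#   hand the whole tree to GROUP, remove every "other" bit (point 1: users
#   outside GROUP can no longer read it), give GROUP read/write plus search on
#   directories (point 2: committers can write under db/), and set setgid on
#   directories only, so files created later inherit GROUP.
lock_repo_to_group() {
    repo=$1
    group=$2
    chgrp -R "$group" "$repo" || return 1
    chmod -R o-rwx "$repo" || return 1
    chmod -R g+rwX "$repo" || return 1            # X: execute on dirs only
    find "$repo" -type d -exec chmod g+s {} + || return 1
}

# repo_perm_problems REPO GROUP
#   print one line per entry that is still world-accessible, not owned by
#   GROUP, not group-writable, or a directory without setgid;
#   return 0 when the tree is clean, 1 when anything was printed
repo_perm_problems() {
    repo=$1
    group=$2
    problems=$(
        # portable spelling of "any of the other bits set"
        find "$repo" \( -perm -o+r -o -perm -o+w -o -perm -o+x \) | sed 's/^/world-accessible: /'
        find "$repo" ! -group "$group" | sed 's/^/wrong group: /'
        find "$repo" ! -perm -g+rw | sed 's/^/not group-writable: /'
        find "$repo" -type d ! -perm -g+s | sed 's/^/no setgid on dir: /'
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# umask_makes_group_writable UMASK
#   create a file under UMASK and return 0 if it came out group-writable;
#   this is why the answer asks for umask 002 (022, the usual default, fails)
umask_makes_group_writable() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/probe" )
    if [ -n "$(find "$dir/probe" -perm -g+w)" ]; then
        rm -rf "$dir"
        return 0
    fi
    rm -rf "$dir"
    return 1
}

# pick_group: a group the current user belongs to, preferring one that is not
# the primary group, because setgid inheritance is only visible when the
# directory's group differs from the creating user's primary group
pick_group() {
    primary=$(id -gn)
    for g in $(id -Gn); do
        if [ "$g" != "$primary" ]; then
            echo "$g"
            return 0
        fi
    done
    echo "$primary"
}

# demo: build a throwaway tree shaped like a repository (constructed here,
# not real svnadmin output), reproduce the broken state from the question,
# lock it down, and confirm that a file created afterwards under umask 002
# inherits the group and is group-writable. Returns 0 on success.
demo() {
    grp=$(pick_group)
    top=$(mktemp -d) || return 1
    repo=$top/myproject
    mkdir -p "$repo/db/revprops/0" "$repo/hooks"
    : > "$repo/db/revprops/0/0"
    : > "$repo/format"
    chmod -R o+rX "$repo"                 # world-readable, as in point 1
    chmod g-w "$repo/db/revprops/0/0"     # a file another user committed, point 2
    # the check must flag the starting state ...
    if repo_perm_problems "$repo" "$grp" >/dev/null; then rm -rf "$top"; return 1; fi
    # ... and pass after the fix
    lock_repo_to_group "$repo" "$grp" || { rm -rf "$top"; return 1; }
    repo_perm_problems "$repo" "$grp" || { rm -rf "$top"; return 1; }
    ( umask 002 && : > "$repo/db/revprops/0/1" )
    ok=$(find "$repo/db/revprops/0/1" -group "$grp" -perm -g+w)
    rm -rf "$top"
    [ -n "$ok" ]
}

demo && echo "repository tree locked to group $(pick_group)"
```

Run it on a real repository as `lock_repo_to_group /svn/myproject myproject` followed by `repo_perm_problems /svn/myproject myproject`; the second call is the one worth re-running after every commit until everyone's umask is confirmed, since a single file written with umask 022 is enough to bring back the permission-denied error.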

Author: NetStudent

Updated on September 18, 2022

Comments

  • NetStudent (over 1 year ago)

    I want to set up some Subversion repositories, to be accessed via SVN+SSH, so that each repository is owned by a different group and is only accessible for reading and writing by the group's members. This is what I did so far:

    sudo addgroup myproject
    sudo mkdir -p /svn/myproject
    sudo svnadmin create /svn/myproject
    sudo chown -R :myproject /svn/myproject
    sudo chmod -R g+rws /svn/myproject
    

    However, something with my setup is not working properly...

    1. Even though userone is not a member of the myproject group, userone can checkout the whole repository. (Is this because userone is member of the sudo group?)
    2. usertwo is a member of the myproject group, but cannot commit to the repository due to an error: permission denied while accessing /svn/myproject/db/revprops/__something__/__something__

    Point 1) is an issue because it may mean everyone with shell access to the machine can checkout the code. Point 2) is problematic because a user with (apparently) the right permissions can't commit to the repository.

    What am I doing wrong in this setup?

  • vladr (almost 9 years ago)
    You don't need to set everyone's umask to 002 if you enable ACLs on the filesystem and sudo setfacl -Rm d:g::rwX,g::rwX repo_dir/db