Bug#341438: subversion: please add svnserve option to only give
read-only access
Marc Haber
mh+debian-bugs at zugschlus.de
Sat Dec 3 14:01:18 UTC 2005
On Sat, Dec 03, 2005 at 01:46:19PM +0000, Max Bowsher wrote:
> Uh... an -R (--read-only) option *ALREADY* exists. In fact, it has been
> deprecated in favour of a repository's svnserve.conf file.
... and it is not documented in the svnserve man page.
>
> Please explain why it is desirable to control access through svnserve
> invocation, rather than by user identity.
$ grep svn .ssh/authorized_keys
from="192.168.123.92",command="svnserve -t -R" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu0DKRi2tHpQcpFLuBqLvS/LbOnBTMlkprHuJSQeglX/LW1+gvh5OkmKD6CZDjJ/OCK6nGGJUf5ap33uLlXoHBifDetxr+p8xk2pcvUcV7hSWGRkVqHE+YA3TvonX8ga4YuX7F1Jwa21TUATXljbbdgbLMAx/oaUT98PN/XzF2nn/cAOslt6O6GR6asx4/xU3dCe69DpHeo6Fiq+1fJv0fmwiaUH5yF5uH4bzDMVebTiO0siKgVILPNMAuxo4W3osxXUdAM5xHs7ZL1X2ykFl3JPENKIGOfUm0MyaUATTOJunDfTHZiLKg/WKhXHYIOnCqPU5LIKMqWRJNFzMSwEwKQ== mh at lefler-chroot 2004-05-23
The key in question only grants read-only access to the repository,
and only if the request is received from 192.168.123.92. The account
itself can get r/w access from a shell.
This is, for example, an issue on public systems where each individual
only gets a single account and doesn't want to expose the repository
r/w to a passphraseless key for automatic processes while still being
able to commit from a shell on the same account.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the pkg-subversion-maintainers
mailing list