Bug#341438: subversion: please add svnserve option to only give
read-only access
Max Bowsher
maxb1 at ukf.net
Sat Dec 3 20:36:02 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
tags 341438 + upstream fixed-upstream
thanks
Marc Haber wrote:
> On Sat, Dec 03, 2005 at 01:46:19PM +0000, Max Bowsher wrote:
>
>>Uh... an -R (--read-only) option *ALREADY* exists. In fact, it has been
>>deprecated in favour of a repository's svnserve.conf file.
>
>
> ... and it is not documented in the svnserve man page.
>
>
>>Please explain why it is desirable to control access through svnserve
>>invocation, rather than by user identity.
>
>
> $ grep svn .ssh/authorized_keys
> from="192.168.123.92",command="svnserve -t -R" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu0DKRi2tHpQcpFLuBqLvS/LbOnBTMlkprHuJSQeglX/LW1+gvh5OkmKD6CZDjJ/OCK6nGGJUf5ap33uLlXoHBifDetxr+p8xk2pcvUcV7hSWGRkVqHE+YA3TvonX8ga4YuX7F1Jwa21TUATXljbbdgbLMAx/oaUT98PN/XzF2nn/cAOslt6O6GR6asx4/xU3dCe69DpHeo6Fiq+1fJv0fmwiaUH5yF5uH4bzDMVebTiO0siKgVILPNMAuxo4W3osxXUdAM5xHs7ZL1X2ykFl3JPENKIGOfUm0MyaUATTOJunDfTHZiLKg/WKhXHYIOnCqPU5LIKMqWRJNFzMSwEwKQ== mh at lefler-chroot 2004-05-23
>
> The key in question only grants read-only access to the repository,
> and only if the request is received from 192.168.123.92. The account
> itself can get r/w access from a shell.
>
> This is, for example, an issue on public systems where each individual
> only gets a single account and doesn't want to expose the repository
> r/w to a passphraseless key for automatic processes while still being
> able to commit from a shell on the same account.
OK, I'm convinced. svnserve -R undeprecated on Subversion trunk
(1.4.0-dev), and backport to 1.3.0 proposed.
Max.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
iD8DBQFDkgGxfFNSmcDyxYARAkswAKCuvU7y72htEgt+ujhV7n8LcF/ydwCfRByn
SukiM/kCMJDG1AwV/xOcTvI=
=HIB8
-----END PGP SIGNATURE-----
More information about the pkg-subversion-maintainers
mailing list